CVE-2024-0761: 
WordPress vulnerability analysis and mitigation

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.2.1. The vulnerability stems from insufficient randomness in the backup filenames, which utilize a timestamp plus 4 random digits (NVD).

The vulnerability is tracked as CVE-2024-0761 and has received a CVSS v3.1 base score of 7.5 (HIGH) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Wordfence has assigned a slightly higher CVSS score of 8.1 (HIGH) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-330 (Use of Insufficiently Random Values) (NVD).

The vulnerability allows unauthenticated attackers to potentially extract sensitive data, including site backups, in configurations where the .htaccess file in the directory does not block access. This exposure of sensitive information could lead to unauthorized access to confidential data (NVD).

Users should update to a version newer than 7.2.1 of the File Manager plugin. A patch has been released to address this vulnerability, as evidenced by the changes in the WordPress plugin repository (WordPress Plugin).