CVE-2024-7627

HIGH

Bit File Manager 6.0-6.5.5 - Unauthenticated Remote Code Execution via Temporary File Race Condition

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-7627. PoCs published by siunam321, lkmn1.

AI-analyzed exploit summary: This PoC exploits a race condition in the WordPress plugin Bit File Manager (versions 6.0-6.5.5) to achieve unauthenticated remote code execution via a temporary file written to a publicly accessible directory. The script fires asynchronous requests to hit the window between the file being written and being validated or deleted, then executes arbitrary commands. The unauthenticated path is only reachable when an administrator has enabled Guest User read permissions.

Description

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. The function writes the submitted code to a temporary file in a publicly accessible directory before validating it, so an attacker who requests that file over HTTP during the window between write and validation/deletion gets it executed by the web server as PHP. This makes it possible for unauthenticated attackers to execute code on the server, but only if an administrator has granted Guest User read permissions, since that is what exposes the function without authentication.
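To make the write-then-validate ordering concrete, the following is an added, constructed simulation of the flaw and of the PoCs' racing strategy. It is not the plugin's code and not either public PoC: the function names, the temp file name check_syntax_tmp.php, the public path wp-content/uploads and the artificial validation delay are all assumptions chosen for the demonstration. The attacker thread stands in for the PoCs' burst of asynchronous HTTP requests, and the hardened variant shows one fix pattern (validate in a non-served directory via mkstemp), not necessarily the change the vendor shipped.

```python
"""Constructed simulation of the checkSyntax temp-file race (TOCTOU) behind CVE-2024-7627.

Not the plugin's code and not either public PoC: a stand-in that models the
ordering the advisory describes (write under the web root, then validate,
then delete), a hardened ordering, and an attacker thread playing the role
of the PoCs' concurrent HTTP requests.
"""
import os
import tempfile
import threading
import time
from pathlib import Path

TMP_NAME = "check_syntax_tmp.php"  # assumed name; the page does not give the real one


def check_syntax_vulnerable(public_dir: Path, code: str, validate_delay: float) -> bool:
    """Vulnerable order: the submitted code lands under the web root BEFORE it is
    validated, so for `validate_delay` seconds a GET for TMP_NAME would be served
    (and, as a .php file, executed) by the web server."""
    tmp = public_dir / TMP_NAME
    tmp.write_text(code)
    try:
        time.sleep(validate_delay)                 # stands in for the syntax check
        return code.lstrip().startswith("<?php")   # toy validation result
    finally:
        tmp.unlink(missing_ok=True)                # cleanup only after the window


def check_syntax_hardened(private_dir: Path, code: str, validate_delay: float) -> bool:
    """Hardened order: mkstemp gives an unpredictable, mode-0600 file in a directory
    the web server does not serve, so nothing is reachable over HTTP at any point.
    One fix pattern, not necessarily the vendor's."""
    fd, path = tempfile.mkstemp(suffix=".tmp", dir=private_dir)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(code)
        time.sleep(validate_delay)
        return code.lstrip().startswith("<?php")
    finally:
        os.unlink(path)


def attacker_poll(public_dir: Path, stop_at: float, captured: list) -> None:
    """Models the PoC's burst of concurrent requests: hammer the public path until
    the temp file shows up with content, or the deadline passes."""
    target = public_dir / TMP_NAME
    while time.monotonic() < stop_at:
        try:
            data = target.read_text()
        except FileNotFoundError:
            time.sleep(0.0005)
            continue
        if data:                     # skip the instant between create and write
            captured.append(data)    # "200 OK": the window was hit
            return


def run_race(variant: str, validate_delay: float = 0.3) -> bool:
    """Return True if the attacker observed the attacker-controlled payload under
    the public directory while checkSyntax was running."""
    payload = "<?php system($_GET['cmd']); ?>"   # constructed sample payload
    with tempfile.TemporaryDirectory() as root:
        public_dir = Path(root) / "wp-content" / "uploads"   # assumed served path
        private_dir = Path(root) / "private"                 # assumed non-served path
        public_dir.mkdir(parents=True)
        private_dir.mkdir()

        captured: list = []
        poller = threading.Thread(
            target=attacker_poll,
            args=(public_dir, time.monotonic() + validate_delay + 1.0, captured),
        )
        poller.start()
        if variant == "vulnerable":
            check_syntax_vulnerable(public_dir, payload, validate_delay)
        elif variant == "hardened":
            check_syntax_hardened(private_dir, payload, validate_delay)
        else:
            raise ValueError(variant)
        poller.join()
    return bool(captured) and captured[0] == payload


if __name__ == "__main__":
    print("vulnerable: attacker won the race ->", run_race("vulnerable"))
    print("hardened:   attacker won the race ->", run_race("hardened"))
```

The validation delay here is deliberately large so the demonstration is deterministic; on a real target the window is milliseconds, which is why both PoCs resort to asynchronous request floods, why the listing rates their reliability "Racy", and why the CVSS vector carries Attack Complexity High.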

Exploits (2)

nomisec WORKING POC 6 stars
by siunam321 · poc
https://github.com/siunam321/CVE-2024-7627-PoC


Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: WordPress Bit File Manager plugin 6.0-6.5.5
No auth needed
Prerequisites: Guest User read permissions enabled · Shortcode 'file-manager' configured by administrator
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by lkmn1 · poc
https://github.com/lkmn1/CVE-2024-7627

This is a functional PoC exploit for CVE-2024-7627, leveraging a race condition in the Bit File Manager WordPress plugin to achieve unauthenticated RCE via temporary PHP file creation and execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: Bit File Manager WordPress plugin (versions 6.0 – 6.5.5)
No auth needed
Prerequisites: Guest User Read feature enabled in the plugin · Access to the target WordPress site
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3.1 8.1 (High)
EPSS 0.0280 (2.8% estimated probability of exploitation activity in the next 30 days)
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (Attack Complexity is High because the attacker must win the temp-file race; no privileges or user interaction are required)

CISA SSVC

Vulnrichment
Exploitation none (CISA's SSVC assessment at enrichment time; it does not reflect the two public PoCs listed above)
Automatable yes
Technical Impact total

Details

CWE
CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization, 'Race Condition') · CWE-94 (Improper Control of Generation of Code, 'Code Injection')
Status published
Products (1)
bitapps/file_manager 6.0 up to, but not including, 6.5.6 (i.e. 6.0 - 6.5.5, consistent with the affected range above)
Published Sep 05, 2024
Tracked Since Feb 18, 2026