Description

The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible.

Related CPE's

a

advancedfilemanager

file_manager_advanced_shortcode

*

*

*

*

*

wordpress

Vulnerable

References

https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=cve

Third Party Advisory

https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=cve

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-07-10T00:15:02.740Z

1 year ago

Last modified

2024-11-21T07:45:09.753Z

1 year ago