
CVE-2023-2068

Published: 27/06/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The File Manager Advanced Shortcode WordPress plugin up to and including 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

Vulnerable Product

advancedfilemanager file manager advanced shortcode

Exploits

File Manager Advanced Shortcode version 2.3.2 suffers from a remote code execution vulnerability ...
WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticat ...