Advancedfilemanager ≫ File Manager Advanced Shortcode

2 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

8.8

CVE-2023-7061

EPSS 12.27%
Veröffentlicht 10.07.2024 02:15:02
Zuletzt bearbeitet 21.11.2024 08:45:09

The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary fil...

9.8

CVE-2023-2068

Exploit

EPSS 67.96%
Veröffentlicht 27.06.2023 14:15:10
Zuletzt bearbeitet 21.11.2024 07:57:52

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files...