The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.
Metrics
Affected Vendors & Products
References
History
Fri, 18 Oct 2024 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Filemanagerpro file Manager
|
|
CPEs | cpe:2.3:a:filemanagerpro:file_manager:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Filemanagerpro file Manager Pro
|
Filemanagerpro file Manager
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-02-05T21:27:12.028Z
Updated: 2024-08-02T08:42:08.097Z
Reserved: 2023-12-15T15:04:41.365Z
Link: CVE-2023-6846
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-02-05T22:15:56.887
Modified: 2024-11-21T08:44:40.213
Link: CVE-2023-6846
Redhat
No data.