3141 matches found
WordPress File Manager Advanced Shortcode Plugin <= 2.3.2 is vulnerable to Remote Code Execution (RCE)
Software: File Manager Advanced Shortcode | Type: Plugin | Vulnerable versions: <= 2.3.2 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2023-2068 | Patch priority: High | CVSS severity: High (10) | PSID: f57871788c33 | Credits: Mateus Machado Tesser...
PT-2023-17545
Name of the Vulnerable Software and Affected Versions: File Manager Advanced Shortcode WordPress plugin versions 2.3.2 and earlier. Description: The issue arises from inadequate prevention of uploading files with disallowed MIME types when using the shortcode, leading to remote code execution (RCE) in...
CVE-2023-35885
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...
Authentication flaw
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication...
3DPrint < 3.5.6.9 - CSRF to arbitrary file download
Description: The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged-in admin into...
CloudPanel Security Vulnerability
CloudPanel is free, open-source software from CloudPanel used to configure and manage servers. A security vulnerability in CloudPanel versions prior to 2.3.1 stems from insecure file manager cookie authentication...
CVE-2023-35885
CloudPanel 2.x versions before 2.3.1 are vulnerable due to insecure file-manager cookie authentication, enabling remote code execution as root (CVSS 3.1: 9.8). Public disclosures and proof-of-concept tooling exist (Nuclei template for CVE-2023-35885; GitHub exploit). Affected product: CloudPanel;...
WordPress File Manager Pro 8.3.1 Backup Disclosure
Title: WordPress - file manager pro 8.3.1 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
Unlimited Elements For Elementor < 1.5.67 - Contributor+ Arbitrary File Upload
The plugin does not validate files in its file manager feature, allowing users with a role of contributor and above to upload arbitrary files...
WordPress Plugin Frontend File Manager Security Bypass Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security bypass vulnerability exists in the WordPress plugin Frontend File Manager, which is caused by a lack of authentication protection,...
CVE-2021-4368
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfmsavesettings AJAX action. This makes it possible for subscriber-level attackers to ed...
CVE-2021-4359
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfmdeletefile AJAX action. This makes it possible for...
CVE-2021-4356
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible...
CVE-2021-4369
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing others' posts, and lacking a security nonce, all on the wpfmeditfiletitledesc AJ...
CVE-2021-4365
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and sanitisation, all on the wpfmeditfiletitledesc AJAX action. This makes it possible for...