CVE-2024-13914

Summary: CVE-2024-13914 affects the WordPress plugins File Manager Advanced Shortcode (versions up to 2.5.4) and advanced-file-manager-pro-premium (2.5.6). It is a Local File Inclusion vulnerability exploitable via the file_manager_advanced shortcode, enabling authenticated administrators (and hi...

WordPress plugin File Manager Advanced Shortcode 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

Metasploit Weekly Wrap up

Unauthenticated RCE in VMware Product This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable CVE-2023-20887. A remote...

Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The Wordpress plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but is also works in an...

CVE-2023-2068

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

CVE-2023-2068

The CVE-2023-2068 issue affects the WordPress File Manager Advanced Shortcode plugin (versions

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

WordPress File Manager Advanced Shortcode Plugin <= 2.3.2 is vulnerable to Remote Code Execution (RCE)

Software File Manager Advanced Shortcode Type Plugin Vulnerable versions = 2.3.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-2068 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f57871788c33 Credits Mateus Machado Tesser...