3 matches found
CVE-2023-4827 File Manager Pro < 1.8 - Remote Code Execution via CSRF
The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...
CVE-2023-4827
CVE-2023-4827 concerns the WordPress plugin File Manager Pro (pre-1.8). The issue is an improper CSRF nonce check in the fs_connector AJAX action, allowing an attacker to trigger highly privileged file-system actions via CSRF using GET requests. Potential impact includes uploading a web shell and...
WordPress File Manager Pro Plugin < 1.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software File Manager Pro Type Plugin Vulnerable versions 1.8 Fixed in 1.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4827 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID f857273165df Credits Dmitrii Ignatyev Required...