Lucene search
K

12 matches found

Vulnrichment
Vulnrichment
added 2025/05/15 5:22 a.m.7 views

CVE-2024-13914 File Manager Advanced Shortcode <= Multiple Versions - Authenticated (Administrator+) Local JavaScript File Inclusion via Shortcode

The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 file-manager-advanced-shortcode and 2.5.6 advanced-file-manager-pro-premium, via the 'filemanageradvanced' shortcode. This makes it possible for authenticated...

7.2CVSS7.4AI score0.00746EPSS
Exploits0References2
CVE
CVE
added 2025/05/15 5:22 a.m.43 views

CVE-2024-13914

Summary: CVE-2024-13914 affects the WordPress plugins File Manager Advanced Shortcode (versions up to 2.5.4) and advanced-file-manager-pro-premium (2.5.6). It is a Local File Inclusion vulnerability exploitable via the file_manager_advanced shortcode, enabling authenticated administrators (and hi...

7.2CVSS7.4AI score0.00746EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/10/14 12:0 a.m.412 views

WordPress File Manager Advanced Shortcode 2.3.2 Code Injectin / Shell Upload

============================================================================================================================================= | Title : WordPress File Manager Advanced Shortcode 2.3.2 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/07/28 5:25 p.m.60 views

Metasploit Weekly Wrap up

Unauthenticated RCE in VMware Product This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable CVE-2023-20887. A remote...

7.5CVSS9.6AI score0.98243EPSS
Exploits15
Metasploit
Metasploit
added 2023/07/25 7:50 p.m.871 views

Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The Wordpress plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but is also works in an...

9.8CVSS9.2AI score0.3962EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.335 views

WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode', 'Description' = %q The Wordpress plug...

9.8CVSS7.1AI score0.3962EPSS
Exploits8
Cvelist
Cvelist
added 2023/06/27 1:17 p.m.45 views

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

9.7AI score0.3962EPSS
Exploits8References2
Vulnrichment
Vulnrichment
added 2023/06/27 1:17 p.m.15 views

CVE-2023-2068 File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...

6.7AI score0.3962EPSS
Exploits8References2
Patchstack
Patchstack
added 2023/06/27 12:0 a.m.25 views

WordPress File Manager Advanced Shortcode Plugin <= 2.3.2 is vulnerable to Remote Code Execution (RCE)

Software File Manager Advanced Shortcode Type Plugin Vulnerable versions = 2.3.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-2068 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f57871788c33 Credits Mateus Machado Tesser...

9.8CVSS7.1AI score0.3962EPSS
Exploits8References2Affected Software1
wpexploit
wpexploit
added 2023/05/31 12:0 a.m.189 views

File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. 1. Add the following shortcode to a...

9.8CVSS9.3AI score0.3962EPSS
Exploits8
WPVulnDB
WPVulnDB
added 2023/05/31 12:0 a.m.45 views

File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. PoC 1. Add the following shortcode to ...

9.8CVSS9.2AI score0.3962EPSS
Exploits8Affected Software1
seebug.org
seebug.org
added 2015/09/11 12:0 a.m.20 views

WordPress media-file-manager-advanced Plugin Multiple Vulnerabilites

No description provided by source. Post Delete http://domain.tld/wp-admin/admin-ajax.php?action=mfmarelocatordelete post: id=17 MKDIR http://domain.tld/wp-admin/admin-ajax.php?action=mfmarelocatormkdir newdir=EVEXFOLDER folder exists: http://domain.tld/wp-contents/uploads/EVEXFOLDER RMDIR Dir Mus...

7.1AI score
Exploits0
Rows per page
Query Builder