VulnCheck KEV: CVE-2020-35235

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects...

WordPress Plugin secure-file-manager Access Control Errorl Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in the Wordpress secure-file-manager plugin through...

CVE-2020-35235

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...

Remote code execution

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...

CVE-2020-35235

CVE-2020-35235 affects the WordPress Secure-File-Manager plugin (through version 2.5). The root cause is loading elFinder code via vendor/elfinder/php/connector.minimal.php without proper access control, enabling any authenticated user to issue the elFinder upload command and achieve remote code ...

CVE-2020-35235

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...

CVE-2020-35235

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...

PT-2020-17295 · WordPress · Secure-File-Manager

Name of the Vulnerable Software and Affected Versions: Secure-file-manager plugin versions through 2.5 for WordPress Description: The issue arises from the secure-file-manager plugin loading elFinder code without proper access control, allowing any authenticated user to run the elFinder upload...

WordPress Secure File Manager plugin <= 2.5 - Authenticated Remote Command Execution (RCE) vulnerability

Authenticated Remote Command Execution RCE vulnerability found by NinTechNet in WordPress Secure File Manager plugin versions = 2.5. Solution The plugin has been removed from the wordpress.org plugin repository. We highly recommend deleting this plugin from your WordPress sites. wordpress.org...