CVE-2020-35235
CVE-2020-35235 affects the WordPress Secure-File-Manager plugin (through version 2.5). The root cause is loading elFinder code via vendor/elfinder/php/connector.minimal.php without proper access control, enabling any authenticated user to issue the elFinder upload command and achieve remote code ...