PT-2023-17545 · WordPress · Advanced File Manager Shortcodes

Mateus Machado Tesser

·

Published

2023-06-27

·

Updated

2026-03-10

·

CVE-2023-2068

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: File Manager Advanced Shortcode WordPress plugin, versions 2.3.2 and earlier

Description: The plugin does not adequately prevent the upload of files whose MIME type is not on the configured allow list when the upload is performed through the shortcode. Because the restriction can be bypassed, this leads to remote code execution (RCE) even when the allowed MIME type list does not include PHP files. In the worst case the upload can be performed by unauthenticated users.

Recommendations: For versions 2.3.2 and earlier, update to a release that contains the fix so that files with disallowed MIME types are rejected. Until the update is applied, restrict access to the shortcode or remove it from publicly reachable pages, and keep the allowed MIME type list limited to the file types actually needed. After updating, review the upload directory for files with PHP extensions or PHP content that may have been placed there while the vulnerable version was active, since patching does not remove files already uploaded.
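The flaw class described above, a filter that is meant to enforce an allow list but can be talked past, is easiest to see with a weak check next to a hardened one. The block below is an added illustration for this advisory, not code from the File Manager Advanced Shortcode plugin, and it makes no claim about how that plugin's filter is actually written. The allow list, the extension table, the magic-byte table and the sample uploads are all constructed; `weak_is_allowed` trusts the client-declared MIME type, which is one common way such filters fail, while `hardened_is_allowed` requires extension, declared type and sniffed content to agree and refuses executable extensions outright.

```python
"""Upload allow-list check: a weak filter that trusts the client-declared MIME
type, beside a hardened one that enforces the list on extension and content.

Constructed illustration for this advisory; it is NOT the File Manager Advanced
Shortcode plugin's code and makes no claim about how that plugin's filter works.
"""
import os

# Hypothetical allow list as an admin might configure it on the shortcode:
# images and PDFs only. PHP is deliberately absent.
ALLOWED_MIME = {"image/png", "image/jpeg", "application/pdf"}

# Extension -> MIME type the allow list recognises (constructed table).
EXT_FOR_MIME = {
    "png": "image/png",
    "jpg": "image/jpeg",
    "jpeg": "image/jpeg",
    "pdf": "application/pdf",
}

# Extensions a PHP-enabled web server may execute; rejected regardless of the
# declared MIME type or where they appear in the name (e.g. "shell.php.png").
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}

# Leading bytes used to sniff the real content type (constructed subset).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"%PDF-": "application/pdf",
}


def weak_is_allowed(filename: str, declared_mime: str, data: bytes) -> bool:
    """Weak check: trusts the MIME type the client sent in the multipart body.

    A client can declare "image/png" for "shell.php", so this accepts PHP even
    though the allow list never mentions it.
    """
    return declared_mime in ALLOWED_MIME


def sniff_mime(data: bytes):
    """Return the MIME type implied by the file's leading bytes, or None."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def hardened_is_allowed(filename: str, declared_mime: str, data: bytes) -> bool:
    """Hardened check: extension, declared type and sniffed content must all
    agree with the allow list, and executable extensions are refused outright."""
    name = os.path.basename(filename)
    if "\x00" in name or name.startswith("."):
        return False
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        return False
    exts = parts[1:]
    # Every extension segment is checked, so "x.png.php" and "x.php.png" fail.
    if any(e in EXECUTABLE_EXT for e in exts):
        return False
    expected = EXT_FOR_MIME.get(exts[-1])
    if expected is None or expected not in ALLOWED_MIME:
        return False
    if declared_mime != expected:
        return False
    return sniff_mime(data) == expected


def triage(uploads):
    """Run both checks over (filename, declared_mime, data) tuples.

    Returns {filename: (weak_result, hardened_result)} so the gap between the
    two filters is visible at a glance.
    """
    return {f: (weak_is_allowed(f, m, d), hardened_is_allowed(f, m, d))
            for f, m, d in uploads}


# Constructed sample uploads: one legitimate image, a PHP webshell stub with a
# spoofed Content-Type, a double-extension variant, and a PNG name hiding PHP.
SAMPLE_UPLOADS = [
    ("photo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("shell.php", "image/png", b"<?php system($_GET['c']); ?>"),
    ("shell.php.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"<?php echo 1; ?>"),
    ("cover.png", "image/png", b"<?php echo 1; ?>"),
]

if __name__ == "__main__":
    for name, (weak, hard) in triage(SAMPLE_UPLOADS).items():
        print(f"{name:16} weak={weak!s:5} hardened={hard}")
```

Running the block shows the weak filter accepting all four samples, because every one of them declares an allowed type, while the hardened filter accepts only `photo.png`. The design point is that the allow list has to be enforced on properties the server derives itself (the extension that will decide how the web server serves the file, and the bytes actually written), never on a value the uploader supplies.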


Related Identifiers

CVE-2023-2068

Affected Products

Advanced File Manager Shortcodes