PT-2020-17295 · WordPress · Secure-File-Manager

Jerome Bruandet · Published 2020-12-14 · Updated 2024-08-04 · CVE-2020-35235

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Secure-file-manager plugin for WordPress, versions through 2.5.
Description: The secure-file-manager plugin loads and exposes the bundled elFinder connector without any access control beyond the user being logged in. Any authenticated user, including one holding a low-privilege role, can therefore issue elFinder's upload command and place arbitrary files on the server; because the server executes PHP, this yields remote code execution. The CVSS vector reflects this: network-reachable, low attack complexity, low privileges required, no user interaction. The plugin is no longer supported by its maintainer.
Recommendations: No version containing a fix is known, and because the plugin is unsupported a fix may never appear, so the safest course is to deactivate and delete the plugin. If it must stay installed for a short period, disable the elFinder upload command in the connector configuration and restrict the connector to administrators as a temporary workaround, and audit the site for files that may already have been uploaded through it.
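The defect class described above, and the workaround the recommendations point to, shown side by side in PHP. This is an added illustration, not code from the secure-file-manager plugin (whose source the advisory does not reproduce); the handler and nonce names prefixed `sfm_demo_` and the vendor path to elFinder are assumed, while the WordPress functions and the elFinder 2.x class and root-option names are real.

```php
<?php
/**
 * Added example (not the secure-file-manager plugin's own code): a WordPress
 * AJAX handler that hands requests to an elFinder connector, first in the
 * vulnerable shape behind CVE-2020-35235, then hardened. Names prefixed
 * "sfm_demo_" and the elFinder include path are assumptions for illustration.
 */

// --- VULNERABLE PATTERN ------------------------------------------------------
// wp_ajax_* hooks fire for every logged-in user regardless of role. Passing the
// request straight to an elFinder connector with a writable root and no
// capability check lets a Subscriber run every connector command, including
// "upload", and so write PHP files that the web server will execute.
add_action( 'wp_ajax_sfm_demo_connector_vuln', 'sfm_demo_connector_vuln' );
function sfm_demo_connector_vuln() {
    require_once __DIR__ . '/elFinder/php/autoload.php'; // assumed vendor path
    $opts = array(
        'roots' => array(
            array(
                'driver' => 'LocalFileSystem',
                'path'   => ABSPATH,           // whole site tree, writable
                'URL'    => site_url( '/' ),
            ),
        ),
    );
    $connector = new elFinderConnector( new elFinder( $opts ) );
    $connector->run();
    wp_die();
}

// --- HARDENED PATTERN --------------------------------------------------------
// No wp_ajax_nopriv_ registration, so anonymous requests never reach this.
add_action( 'wp_ajax_sfm_demo_connector', 'sfm_demo_connector' );
function sfm_demo_connector() {
    // 1. Authorisation: being logged in is not enough. Require a capability
    //    that only trusted roles hold (adjust to the plugin's real purpose).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // also terminates the request
    }
    // 2. CSRF: the connector performs state-changing commands, so bind it to a
    //    nonce the plugin's admin page emits with wp_create_nonce('sfm_demo_connector').
    check_ajax_referer( 'sfm_demo_connector', '_wpnonce' );

    require_once __DIR__ . '/elFinder/php/autoload.php'; // assumed vendor path
    $upload_dir = wp_upload_dir();
    $opts = array(
        'roots' => array(
            array(
                'driver'      => 'LocalFileSystem',
                'path'        => $upload_dir['basedir'], // uploads only, not ABSPATH
                'URL'         => $upload_dir['baseurl'],
                // 3. Least privilege for the command set: the advisory's
                //    workaround is to disable "upload"; the others listed here
                //    also change files or permissions and are rarely needed.
                'disabled'    => array( 'upload', 'chmod', 'archive', 'extract' ),
                // If upload must stay enabled, drop it from 'disabled' and rely
                // on the MIME whitelist below instead; never allow PHP types.
                'uploadDeny'  => array( 'all' ),
                'uploadAllow' => array( 'image', 'text/plain' ),
                'uploadOrder' => array( 'deny', 'allow' ),
            ),
        ),
    );
    $connector = new elFinderConnector( new elFinder( $opts ) );
    $connector->run();
    wp_die();
}
```

The three changes map directly onto the CVSS vector: the capability check raises the privilege an attacker needs from PR:L to an administrator account, the nonce stops the connector being driven cross-site, and disabling `upload` (or constraining it by MIME type and root) removes the path from file write to code execution even if the first two checks are bypassed.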

Exploit

Related Identifiers

CVE-2020-35235

Affected Products

Secure-File-Manager