CVE-2023-4827

Name of the Vulnerable Software and Affected Versions File Manager Pro WordPress plugin versions prior to 1.8

Description The issue arises from the improper checking of the CSRF nonce in the fs connector AJAX action. This allows attackers to perform highly privileged file system actions via CSRF attacks by using GET requests, such as uploading a web shell, by exploiting highly privileged users.

Recommendations For versions prior to 1.8, update to version 1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the fs connector AJAX action to minimize the risk of exploitation.