CVE-2023-4861

Name of the Vulnerable Software and Affected Versions File Manager Pro WordPress plugin versions prior to 1.8.1

Description The issue allows admin users to upload arbitrary files, leading to remote code execution, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation.

Recommendations For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities for admin users in multisite installations until the update can be applied.