CVE-2023-5604

Name of the Vulnerable Software and Affected Versions Asgaros Forum WordPress plugin versions prior to 2.7.1

Description The issue allows forum administrators to set insecure configuration, enabling unauthenticated users to upload dangerous files, such as .php or .phtml, potentially leading to remote code execution.

Recommendations For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to authenticated users only, and limit the types of files that can be uploaded to prevent dangerous files from being uploaded.