CVE-2023-7061

Name of the Vulnerable Software and Affected Versions Advanced File Manager Shortcodes plugin for WordPress versions up to, and including, 2.5.3

Description The issue allows authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server, which may make remote code execution possible. This is due to the vulnerability to arbitrary file uploads in the affected plugin.

Recommendations For versions up to, and including, 2.5.3, update to a version above 2.5.3 to resolve the issue. As a temporary workaround, consider restricting access to the file upload functionality to minimize the risk of exploitation.