PT-2024-15191 · WordPress · Advanced File Manager Shortcodes

Colin Xu

Published

2024-07-10

Updated

2024-07-11

CVE-2023-7062

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advanced File Manager Shortcodes plugin for WordPress versions up to, and including, 2.4

Description The issue allows attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information, due to a Directory Traversal vulnerability.

Recommendations For versions up to, and including, 2.4, update to a version higher than 2.4 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-538

Related Identifiers

CVE-2023-7062

Affected Products

Advanced File Manager Shortcodes

PT-2024-15191 · WordPress · Advanced File Manager Shortcodes

CVE-2023-7062

Weakness Enumeration

Related Identifiers

Affected Products

References · 7