WordPress Plugin Vulnerabilities

File Manager Pro < 8.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

Description

The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.

Affects Plugins

Plugin icon
wp-file-manager-pro
Fixed in 8.3.5

References

CVE
CVE-2023-6846
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/1e8e0257-a745-495f-a103-c032b95209fc

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Tobias Weißhaar (kun_19)
Verified
No
WPVDB ID
25c7e667-2988-4361-8c0b-c576ef088446

Timeline

Publicly Published
2024-01-24 (about 3 months ago)
Added
2024-01-24 (about 3 months ago)
Last Updated
2024-01-24 (about 3 months ago)

Other

Published
Title
Published
2014-08-01
Title
AREA53 <= 1.0.5 - File Upload Code Execution
Published
2023-03-20
Title
JetEngine < 3.1.3.1 - Author+ Remote Code Execution
Published
2014-08-01
Title
WordPress 2.1.1 - Command Execution Backdoor
Published
2014-09-22
Title
Flash Uploader <= 3.1.2 - Arbitrary Comm& Execution
Published
2014-08-01
Title
EZPZ One Click Backup <= 12.03.10 - Unauthenticated Command Execution