Vulnerability in Advanced File Manager Shortcodes plugin for WordPress allows reads of arbitrary files on the server
CVE-2023-7062

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Advanced File Manager Shortcodes
Vendor: CVE Published:; 10 July 2024

Summary

The Advanced File Manager Shortcodes plugin for WordPress is susceptible to a directory traversal vulnerability that affects all versions up to and including 2.4. This flaw allows attackers with contributor-level permissions or higher to traverse the directory structure, potentially gaining unauthorized access to sensitive files stored on the server. Such access can expose critical information, compromising both user data and system integrity.

Affected Version(s)

Advanced File Manager Shortcodes * <= 2.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://advancedfilemanager.com/product/file-manager-adva...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Dec 21, 2023

Credit

Colin Xu