Arbitrary File Upload Vulnerability in WordPress Advanced File Manager Plugin
CVE-2024-11391
Currently unrated
Summary
The Advanced File Manager plugin for WordPress allows authenticated users with Subscriber-level roles or higher to perform arbitrary file uploads. The issue stems from inadequate file type validation in the 'class_fma_connector.php' file and affects all versions up to and including 5.2.10. If exploited, it can lead to remote code execution: an attacker may upload malicious files to the server and compromise the entire WordPress site. Site administrators are advised to review their plugin versions and implement suitable security measures.
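For the version review advised above, the following added example (not code from the plugin or from this advisory) reads the `Version:` field from a plugin's main PHP file and flags anything at or below 5.2.10, comparing segments numerically because a plain string comparison ranks 5.2.9 above 5.2.10. Assumptions: the path to the plugin's main file is supplied by the administrator, the sample header is constructed, and the function names are illustrative.

```python
import re
import sys
from pathlib import Path

# From the advisory: all versions up to and including 5.2.10 are affected.
LAST_AFFECTED = (5, 2, 10)

# WordPress reads plugin metadata from a header comment near the top of the
# plugin's main file; only the first 8 KB is examined here.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:(.*)$", re.IGNORECASE | re.MULTILINE)


def header_version(php_source):
    """Return the Version header value, or None if the file has none."""
    match = HEADER_RE.search(php_source[:8192])
    return match.group(1).strip() if match else None


def version_tuple(version):
    """Turn '5.2.10' into (5, 2, 10); a non-numeric suffix in a segment is ignored."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_affected(version):
    """True if the version is numerically <= the last affected release."""
    v = version_tuple(version)
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) <= pad(LAST_AFFECTED)


# Constructed sample header for illustration; not copied from the real plugin.
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: Advanced File Manager
 * Version: 5.2.10
 */
"""

if __name__ == "__main__":
    # Usage: python check_version.py <path to the plugin's main .php file> ...
    for path in sys.argv[1:]:
        found = header_version(Path(path).read_text(errors="replace"))
        state = "no Version header" if found is None else (
            "AFFECTED" if is_affected(found) else "newer than 5.2.10")
        print(f"{path}: {found} ({state})")
```

The advisory names no fixed release, so a result of "newer than 5.2.10" only means the version is outside the stated affected range.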
Collectors
NVD Database