Critical severity9.8NVD Advisory· Published Jun 27, 2023· Updated Jun 17, 2026
CVE-2023-2068
CVE-2023-2068
Description
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.3.2
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/173735/WordPress-File-Manager-Advanced-Shortcode-2.3.2-Remote-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- wpscan.com/vulnerability/58f72953-56d2-4d86-a49b-311b5fc58056nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.