Unrated severityNVD Advisory· Published Jun 27, 2023· Updated Feb 13, 2025

File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

CVE-2023-2068

Description

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

Affected products

Unknown/File Manager Advanced Shortcodev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/58f72953-56d2-4d86-a49b-311b5fc58056mitreexploitvdb-entrytechnical-description
packetstormsecurity.com/files/173735/WordPress-File-Manager-Advanced-Shortcode-2.3.2-Remote-Code-Execution.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.056
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000