Medium severity6.5NVD Advisory· Published Dec 11, 2023· Updated Jun 17, 2026
CVE-2023-5907
CVE-2023-5907
Description
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <6.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/f250226f-4a05-4d75-93c4-5444a4ce919envdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.