CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2023-7061 – Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-7061
08 Jul 2024 — The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento Advanced File Manager Shortcodes para WordPress es vulnerable a la carga de archivos arbitrarios en todas las versiones hasta la 2.5.3 incluida. Esto hace posible que ... • https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7062 – Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contributor+) Directory Traversal
https://notcve.org/view.php?id=CVE-2023-7062
08 Jul 2024 — The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information. El complemento Advanced File Manager Shortcodes para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 2.4 incluida. Esto hace posible que los atacantes con acceso de colaborador ... • https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •