← Back

File Manager Advanced Shortcode

file_manager_advanced_shortcode

Vendor: Advancedfilemanager • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-7061
1Advancedfilemanager
1File Manager Advanced Shortcode
Apr 8, 2026
Jul 10, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or...Show more
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2023-2068
1Advancedfilemanager
1File Manager Advanced Shortcode
Nov 21, 2024
Jun 27, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type l...Show more
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.Show less