CVE-2024-8725 in Advanced File Manager Plugininfo

Zusammenfassung

von MITRE • 26.09.2024

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files to any directory within the WordPress root directory, which could lead to Stored Cross-Site Scripting. The Advanced File Manager Shortcodes plugin must be installed to exploit this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Reservieren

11.09.2024

Veröffentlichung

26.09.2024

Moderieren

akzeptiert

Eintrag

VDB-278551

CPE

bereit

EPSS

0.00357

KEV

nein

Aktivitäten

very low

Quellen

Do you know our Splunk app?

Download it now for free!