Vulnerabilities

CVE-2020-35235

by Fred · 13/12/2020

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Date published : 2020-12-13

Authenticated RCE vulnerability in WordPress Secure File Manager plugin (unpatched).

https://wordpress.org/plugins/secure-file-manager/#developers

Similar

Tags: Cybersecurity Alert