CVE-2023-3814

EUVD-2023-44447
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
advancedfilemanageradvanced_file_manager
𝑥
< 5.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339
https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339
https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339