CVE-2023-7062

EUVD-2023-59249
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WordfenceCNA
8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
References
https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve
https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve