CVE-2023-4861: File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
First published: Mon Oct 16 2023(Updated: )
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ninjateam Filester | <1.8.1 | |
| <1.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-4861?
CVE-2023-4861 is a vulnerability found in the File Manager Pro WordPress plugin before version 1.8.1 that allows admin users to upload arbitrary files, leading to remote code execution.
How severe is CVE-2023-4861?
The severity of CVE-2023-4861 is high, with a severity value of 7.2.
How does CVE-2023-4861 affect the File Manager Pro WordPress plugin?
CVE-2023-4861 affects the File Manager Pro WordPress plugin before version 1.8.1 by allowing admin users to upload arbitrary files, even in environments where they should not have full control.
How can I fix CVE-2023-4861?
To fix CVE-2023-4861, update the File Manager Pro WordPress plugin to version 1.8.1 or later, which addresses the vulnerability.
Where can I find more information about CVE-2023-4861?
More information about CVE-2023-4861 can be found at the following reference link: [https://wpscan.com/vulnerability/7fa03f00-25c7-4e40-8592-bb4001ce019d].
- collector/nvd-index
- agent/type
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/ninjateam
- canonical/ninjateam filester