CVE-2023-7062

{"id": "CVE-2023-7062", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-07-10T02:15:02.960", "references": [{"url": "https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve", "source": "security@wordfence.com"}, {"url": "https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-538"}]}], "descriptions": [{"lang": "en", "value": "The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento Advanced File Manager Shortcodes para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 2.4 incluida. Esto hace posible que los atacantes con acceso de colaborador o superior lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."}], "lastModified": "2026-04-08T18:18:47.640", "sourceIdentifier": "security@wordfence.com"}