CVE-2020-35235
HIGH
8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
6,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0899
Percentile
0,9th
Updated
EPSS Score Trend (Last 91 Days)
Application
Secure File Manager by Themexa
Version Range Affected
To
2.5
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:themexa:secure_file_manager:*:*:*:*:*:wordpress:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://blog.nintechnet.com/authenticated-rce-vulnerability-in-wordpress-secure…
https://wordpress.org/plugins/secure-file-manager/#developers
https://blog.nintechnet.com/authenticated-rce-vulnerability-in-wordpress-secure…
https://wordpress.org/plugins/secure-file-manager/#developers