CVE-2023-3814

medium

Description

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

References

https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339

Details

Source: Mitre, NVD

Published: 2023-09-04

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N