CVE-2023-4861— File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-4861
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
Source: NVD (National Vulnerability Database)
Vulnerability Description
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin File Manager Pro 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin File Manager Pro 1.8.1 版本之前存在代码注入漏洞,该漏洞源于允许管理员用户上传任意文件,即使在此类用户无法完全控制服务器的环境中(例如多站点安装)也是如此。 这会导致远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Unknown | File Manager Pro | 0 ~ 1.8.1 | - |
II. Public POCs for CVE-2023-4861
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-4861
请登录查看更多情报信息。
- https://wpscan.com/vulnerability/7fa03f00-25c7-4e40-8592-bb4001ce019dexploitvdb-entrytechnical-description
- https://nvd.nist.gov/vuln/detail/CVE-2023-4861
Same Patch Batch · Unknown · 2023-10-16 · 40 CVEs total
| CVE-2023-4950 | Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting | |
| CVE-2023-3154 | NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization | |
| CVE-2023-4691 | Bookly < 22.4 - Admin+ SQLi | |
| CVE-2023-4783 | Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode | |
| CVE-2023-4795 | Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS | |
| CVE-2023-4687 | PageLayer < 1.7.7 - Unauthenticated Stored XSS | |
| CVE-2023-4388 | EventON < 2.2 - Admin+ Stored XSS | |
| CVE-2023-5167 | User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent | |
| CVE-2023-4776 | WPSchoolPress < 2.2.5 - Teacher+ SQLi | |
| CVE-2023-4643 | Enable Media Replace < 4.1.3 - Author+ PHP Object Injection | |
| CVE-2023-4805 | Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting | |
| CVE-2023-5087 | PageLayer < 1.7.8 - Author+ Stored XSS | |
| CVE-2023-4862 | File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting | |
| CVE-2023-4819 | Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting | |
| CVE-2023-5177 | Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure | |
| CVE-2023-4971 | Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection | |
| CVE-2023-4290 | WP Matterport Shortcode < 2.1.7 - Reflected XSS | |
| CVE-2023-4620 | Booking Calendar < 9.7.3.1 - Unauthenticated Stored XSS | |
| CVE-2023-3392 | Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection | |
| CVE-2023-4827 | File Manager Pro < 1.8 - Remote Code Execution via CSRF |
Showing top 20 of 40 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: File Manager Pro
- CVE-2025-52710
WordPress File Manager Pro plugin <= 1.8.8 - Cross Site Scri - CVE-2024-8507
File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Ar - CVE-2024-8746
File Manager Pro <= 8.3.9 - Unauthenticated Backup File Down - CVE-2024-8918
File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScri - CVE-2024-7559
File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbi
Same vendor: Unknown
- CVE-2026-6433
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection t - CVE-2026-4935
SureTriggers < 1.1.23 – Unauthenticated SQLi - CVE-2026-5335
Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosu - CVE-2026-5337
Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary - CVE-2026-5306
Check & Log Email < 2.0.13 - Unauthenticated Stored XSS
V. Comments for CVE-2023-4861
No comments yet