WordPress Plugin Wpfilemanager 6.8 RCE

Severity:
High

Description

OS Command Execution, also known as Command Injection, is a severe vulnerability that allows attackers to execute arbitrary commands on the host operating system. Attackers exploit this vulnerability by injecting malicious commands through forms, cookies, or HTTP headers. These commands run with the privileges of the vulnerable application, leading to unauthorized access, data theft, and system compromise.

Recommendation

Update or remove the affected plugin.

Tags:
WordPress
RCE
Command Injection
Input Validation
Injection
WASC-31
CVE-2020-25213
EDB-ID-49178
CWE-78
CWE-20
OWASP 2021-A3
OWASP 2017-A1
OWASP 2013-A1
OWASP 2010-A1
OWASP 2007-A2
OWASP 2021-A6
OWASP 2017-A9
CAPEC-88
CAPEC-310
Last updated on May 13, 2024
