漏洞描述
在远程主机上运行的WordPress应用程序具有“文件管理器”插件的版本,由于elFinder的包含不当,该版本受远程代码执行漏洞的影响。未经身份验证的远程攻击者可以通过将特制请求发送到connector.minimal.php文件来利用此漏洞,以在易受攻击的WordPress站点上执行远程代码。
WordPress 插件 'File Manager' elFinder 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-14725: WordPress < 4.8.2 - Authenticated Open Redirect
- POC CVE-2017-17092: WordPress < 4.9.1 - Authenticated JavaScript File Upload
- POC CVE-2025-61757: Oracle Identity Manager REST WebServices - Authentication Bypass
- POC wp-security-hidden-login-exposure: WordPress All-in-One Security <=4.4.1 - Hidden Login Page Exposure
- WordPress Kognetiks Chatbot for WordPress <= 2.0.0 任意文件上传漏洞
- WordPress Verbalize WP 存在任意文件上传漏洞(CVE-2024-49668)
- POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
- 月子会所ERP /Page/SalerManager/ashx/BindRoomListData.ashx RoomType SQL 注入漏洞
- WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞(CVE-2025-6440)
- POC CVE-2025-4302: Stop User Enumeration WordPress plugin - Authentication Bypass
- WordPress Google for WooCommerce /wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php 信息泄露漏洞(CVE-2024-10486)
- 中成科信票务管理系统 /SystemManager/OrderManager/OrderManager.ashx 文件读取漏洞