漏洞描述
Wp-FileManager 1.2 plugin for WordPress下的ajaxfilemanager.php中存在无限制文件上传漏洞。远程攻击者借助未明的向量,上传和执行任意的PHP代码。
WordPress Plugin Wp-FileManager 'ajaxfilemanager.php' 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- WordPress Yoco Payments plugin /wp-json/yoco/logs 目录遍历漏洞(CVE-2025-13801)
- POC CVE-2012-10018: WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
- POC CVE-2024-29138: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
- POC wordpress-elementor-fpd: WordPress Elementor Page Builder - Full Path Disclosure
- POC wordpress-menu-image-fpd: WordPress Menu Image - Full Path Disclosure
- POC wp-jetpack-ssrf: Wordpress Jetpack plugin - Server Side Request Forgery
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2017-18580: WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
- POC CVE-2020-12832: WordPress Simple File List - Path Traversal
- POC CVE-2021-24657: Limit Login Attempts WordPress - Stored Cross-site Scripting
- POC CVE-2021-24681: Duplicate Page WordPress - Stored Cross-Site Scripting
- POC CVE-2021-25082: WordPress Popup Builder < 4.0.7 - Remote Code Execution
- POC CVE-2022-0765: WordPress Loco Translate < 2.6.1 - Cross-Site Scripting