CVE-2024-8066

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 28, 2024
CWE ID 434

Summary

CVE-2024-8066 is a vulnerability affecting the File Manager Pro – Filester plugin for WordPress. This issue, present in all versions up to 1.8.4, stems from a lack of validation in the 'fsConnector' function. Authenticated attackers with Subscriber-level access or higher, given permissions by an Administrator, can exploit this weakness to upload a new .htaccess file. This file allows the attacker to upload further arbitrary files on the targeted site's server, potentially leading to remote code execution.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share