CVE-2024-8066
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 28, 2024
CWE ID 434
Summary
CVE-2024-8066 is a vulnerability affecting the File Manager Pro – Filester plugin for WordPress. This issue, present in all versions up to 1.8.4, stems from a lack of validation in the 'fsConnector' function. Authenticated attackers with Subscriber-level access or higher, given permissions by an Administrator, can exploit this weakness to upload a new .htaccess file. This file allows the attacker to upload further arbitrary files on the targeted site's server, potentially leading to remote code execution.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share