CVE-2023-5105

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 4, 2023

Updated: Dec 7, 2023

Summary

CVE-2023-5105 is a newly disclosed vulnerability affecting the Frontend File Manager Plugin for WordPress. This issue permits Editor+ users to bypass the file download logic, enabling them to download sensitive files, such as `wp-config.php`, directly. This vulnerability poses a significant risk to WordPress sites, as `wp-config.php` contains crucial configuration details. The plugin should be updated to version 22.6 or later to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t1yP3C
https://www.cve.org/CVERecord?id=CVE-2023-5105
https://nvd.nist.gov/vuln/detail/CVE-2023-5105

Back to Vulnerability Database

CVE-2023-5105

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations