Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-07-01
CVE-2024-13914 - File Manager Advanced Shortcode Plugin
The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via the 'file_manager_advanced' shortcode. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Sites currently using 2.5.4 (file-manager-advanced-shortcode) should be updated to…
PLUGIN
File Manager Advanced Shortcode
CVE-2024-13914
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-7061 - File Manager Advanced Shortcode Plugin
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible.
PLUGIN
File Manager Advanced Shortcode
CVE-2023-7061
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-2068 - File Manager Advanced Shortcode Plugin
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.
PLUGIN
File Manager Advanced Shortcode
CVE-2023-2068
Risk Score