CVE-2023-2068

CRITICAL

WordPress File Manager Advanced Shortcode <2.3.2 - RCE


Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-2068. PoCs published by Mateus Machado Tesser, including Metasploit module exploits/multi/http/wp_plugin_fma_shortcode_unauth_rce.

AI-analyzed exploit summary: This exploit leverages an unauthenticated RCE vulnerability in File Manager Advanced Shortcode 2.3.2 by uploading a malicious PHP file via AJAX. It extracts the `_fmakey` from the target site and uses it to bypass authentication, then executes arbitrary commands via the uploaded webshell.

Description

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.

Exploits (2)

exploitdb · WORKING POC
by Mateus Machado Tesser · python · webapps · php
https://www.exploit-db.com/exploits/51505

Classification Working PoC 95%
Attack Type RCE
Complexity Moderate
Reliability Reliable
Target File Manager Advanced Shortcode 2.3.2
Authentication none needed
Prerequisites Target must have File Manager Advanced Shortcode 2.3.2 installed · Target must be accessible via HTTP
Analysis devstral-2 · analyzed Feb 16, 2026
metasploit · WORKING POC · EXCELLENT
ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_plugin_fma_shortcode_unauth_rce.rb

This Metasploit module exploits an unauthenticated RCE vulnerability in WordPress File Manager Advanced Shortcode plugin by uploading a malicious PHP payload disguised as a PNG file via a shortcode, bypassing MIME type restrictions.

Classification Working PoC 95%
Attack Type RCE
Complexity Moderate
Reliability Reliable
Target WordPress File Manager Advanced Shortcode plugin <= 2.3.2 (requires File Manager Advanced <= 5.0.5)
Authentication none needed
Prerequisites WordPress installation with vulnerable plugin versions · Network access to WordPress admin-ajax.php endpoint
Analysis devstral-2 · analyzed Feb 16, 2026

References (2)

Core References (2)
https://wpscan.com/vulnerability/58f72953-56d2-4d86-a49b-311b5fc58056 (Exploit, Third Party Advisory; tags: exploit, vdb-entry, technical-description)

Scores

CVSS v3 9.8
EPSS 0.3962
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

Status published
Products (1)
advancedfilemanager/file_manager_advanced_shortcode < 2.3.2
Published Jun 27, 2023
Tracked Since Feb 18, 2026