CVE-2023-5762

HIGH

Filr WordPress Plugin < 1.2.3.6 - Authenticated Remote Code Execution

Title source: llm
STIX 2.1

Description

The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb

Scores

CVSS v3 8.8
EPSS 0.0202
EPSS Percentile 78.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
filr_project/filr < 1.2.3.6
Published Dec 04, 2023
Tracked Since Feb 18, 2026