Loading market data...
← Back to CVE feed

CVE-2023-54350

HIGH CVSS 7.5 View on NVD ↗

Description

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to create malicious PHP files in the file_manager directory and execute them on the server.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: Jun 08, 2026 02:16 UTC Modified: Jun 08, 2026 14:59 UTC