{"api_version":"1","generated_at":"2026-04-23T13:26:27+00:00","cve":"CVE-2023-7062","urls":{"html":"https://cve.report/CVE-2023-7062","api":"https://cve.report/api/cve/CVE-2023-7062.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-7062","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-7062"},"summary":{"title":"Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contributor+) Directory Traversal","description":"The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information.","state":"PUBLISHED","assigner":"Wordfence","published_at":"2024-07-10 02:15:02","updated_at":"2026-04-08 18:18:47"},"problem_types":["CWE-538","CWE-538 CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory"],"metrics":[{"version":"3.1","source":"security@wordfence.com","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve","name":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/","name":"https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-7062","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-7062","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Advanced File Manager","product":"Advanced File Manager Shortcodes","version":"affected 2.4 semver","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-07-08T00:00:00.000Z","lang":"en","value":"Disclosed"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Colin Xu","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2023-7062","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-07-10T14:05:13.276654Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-07-10T14:05:24.745Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-08-02T08:50:07.902Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve"},{"tags":["x_transferred"],"url":"https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/"}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Advanced File Manager Shortcodes","vendor":"Advanced File Manager","versions":[{"lessThanOrEqual":"2.4","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Colin Xu"}],"descriptions":[{"lang":"en","value":"The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information."}],"metrics":[{"cvssV3_1":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-538","description":"CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-08T17:05:55.482Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve"},{"url":"https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/"}],"timeline":[{"lang":"en","time":"2024-07-08T00:00:00.000Z","value":"Disclosed"}],"title":"Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contributor+) Directory Traversal"}},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2023-7062","datePublished":"2024-07-10T02:02:46.771Z","dateReserved":"2023-12-21T17:26:28.697Z","dateUpdated":"2026-04-08T17:05:55.482Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-07-10 02:15:02","lastModifiedDate":"2026-04-08 18:18:47","problem_types":["CWE-538","CWE-538 CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory"],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"7062","Ordinal":"1","Title":"Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contrib","CVE":"CVE-2023-7062","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"7062","Ordinal":"1","NoteData":"The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information.","Type":"Description","Title":"Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contrib"}]}}}