We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2023-54350

CVE-2023-54350

WordPressPHP

Severity: HIGH
CVSS: 7.5CVSS
Published: 2026-06-08
Last modified: 2026-06-08
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-306

Description

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to create malicious PHP files in the file_manager directory and execute them on the server.

References

https://www.exploit-db.com/exploits/51788
https://www.vulncheck.com/advisories/wordpress-augmented-reality-plugin-remote-code-execution-unauthenticated

Summary

Description

References