{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T07:15:25.442","vulnerabilities":[{"cve":{"id":"CVE-2020-35235","sourceIdentifier":"cve@mitre.org","published":"2020-12-14T03:15:13.370","lastModified":"2024-11-21T05:27:05.023","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"},{"lang":"es","value":"**NO COMPATIBLE CUANDO SE ASIGNÓ ** El archivo vendor/elfinder/php/connector.minimal.php en el plugin Secure-File-Manager versiones hasta 2.5 para WordPress, carga el código elFinder sin el control de acceso apropiado. Por lo tanto, cualquier usuario autenticado puede ejecutar el comando de carga elFinder para lograr una ejecución de código remota. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:themexa:secure_file_manager:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.5","matchCriteriaId":"B2CFC048-CB75-421E-846D-889A54EAA044"}]}]}],"references":[{"url":"https://blog.nintechnet.com/authenticated-rce-vulnerability-in-wordpress-secure-file-manager-plugin-unpatched/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://wordpress.org/plugins/secure-file-manager/#developers","source":"cve@mitre.org","tags":["Product","Third Party Advisory"]},{"url":"https://blog.nintechnet.com/authenticated-rce-vulnerability-in-wordpress-secure-file-manager-plugin-unpatched/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://wordpress.org/plugins/secure-file-manager/#developers","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]}]}}]}