CVE-2023-54350EPSS p40.6%

CVE-2023-54350CVE-2023-54350

Description

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to create malicious PHP files in the file_manager directory and execute them on the server.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS0.53% probability of exploitation · percentile 40.6% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
WordPress File Manager Plugin Remote Code Execution Vulnerability
CVE
CVE-2025-12637
CVE
CVE-2025-13094
CVE
CVE-2023-54352
CVE
CVE-2024-58348
CVE
CVE-2025-2512
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.