CVE-2023-5604 Information

Description

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators who may not be WordPress (super-)administrators to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php .phtml) potentially leading to remote code execution.

Reference

https://wpscan.com/vulnerability/4ce69d71-87bf-4d95-90f2-63d558c78b69