CVE-2023-6846: 
WordPress vulnerability analysis and mitigation

The File Manager Pro plugin for WordPress contains an Arbitrary File Upload vulnerability (CVE-2023-6846) affecting all versions up to and including 8.3.4. The vulnerability was discovered in the mk_check_filemanager_php_syntax AJAX function, which allows authenticated attackers with subscriber-level access or higher to execute code on the server. The issue was reported to the File Manager developer team on December 14, 2023, and they responded the following day (Wordfence Advisory).

The vulnerability exists in the mk_check_filemanager_php_syntax_callback function, which is designed to check PHP syntax. The function creates a temporary file (fm_temp.php) in the WordPress uploads directory and writes user-supplied code to it for syntax checking. While the code includes some security measures like sanitizing the filename and MIME type, it fails to properly restrict access to the functionality, allowing any authenticated user to potentially execute arbitrary PHP code (GitHub Exploit). The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD Database).

The vulnerability allows authenticated attackers with subscriber-level access or higher to execute arbitrary code on the server, potentially leading to complete server compromise. This could result in unauthorized access to sensitive data, modification of website content, and potential lateral movement within the hosting environment (Wordfence Advisory).

The vulnerability has been patched in version 8.3.5, which introduces a capability check that prevents users lower than admin from executing the vulnerable function. Users are strongly advised to update to this version immediately. If immediate updating is not possible, it is recommended to restrict access to the File Manager Pro plugin to administrator-level users only (NVD Database).