WordPress Plugin Wp-FileManager 'ajaxfilemanager.php' Arbitrary File Upload Vulnerability

info
discussion
exploit
solution
references

WordPress Plugin Wp-FileManager 'ajaxfilemanager.php' Arbitrary File Upload Vulnerability

WordPress plugin Wp-FileManager is prone to a vulnerability that attackers can exploit to upload arbitrary PHP script code and execute it in the context of the webserver process.

This issue affects WP-FileManager 1.2; other versions may also be vulnerable.