Description
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to create malicious PHP files in the file_manager directory and execute them on the server.
Published: 2026-06-08
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Webandprint augmented Reality
Wordpress
Wordpress wordpress
Vendors & Products Webandprint augmented Reality
Wordpress
Wordpress wordpress

Mon, 08 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
Description WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to create malicious PHP files in the file_manager directory and execute them on the server.
Title WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated
First Time appeared Webandprint
Webandprint ar
Weaknesses CWE-306
CPEs cpe:2.3:a:webandprint:ar:7.0:*:*:*:*:wordpress:*:*
Vendors & Products Webandprint
Webandprint ar
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Webandprint Ar Augmented Reality
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-09T14:44:43.386Z

Reserved: 2026-01-10T01:51:52.987Z

Link: CVE-2023-54350

cve-icon Vulnrichment

Updated: 2026-06-09T14:44:40.081Z

cve-icon NVD

Status : Deferred

Published: 2026-06-08T02:16:22.810

Modified: 2026-06-08T14:59:44.750

Link: CVE-2023-54350

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T08:57:44Z

Weaknesses