๐Ÿ” CVE Alert

CVE-2026-11962

HIGH 8.8

FileOrganizer < 1.2.0 - Authenticated Arbitrary File Upload via elFinder File Operations

CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access โ€” which its premium add-on can extend to sub-administrator roles โ€” to upload arbitrary PHP files and achieve remote code execution. This is an incomplete fix of CVE-2024-7985, which only added file-type validation to the upload operation.

Vendor unknown
Product fileorganizer
Published Jul 6, 2026
Last Updated Jul 6, 2026
Stay Ahead of the Next One

Get instant alerts for unknown fileorganizer

Be the first to know when new high vulnerabilities affecting unknown fileorganizer are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / FileOrganizer
0 < 1.2.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/88390679-80c5-439f-89d1-2f46aff8cfdb/

Credits

Revanth Hari Narayana Matte WPScan