Lucene search
HistoryOct 16, 2023 - 8:15 p.m.
CVE-2023-4862
cve-2023-4862
file manager pro
wordpress
xss
security vulnerability
nvd
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.1%
The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.
Affected configurations
Node
filemanagerprofile_manager_proRange<1.8.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| filemanagerpro | file_manager_pro | * | cpe:2.3:a:filemanagerpro:file_manager_pro:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "File Manager Pro",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.8.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Default credentials
2023-10-16 20:15:00
cvelist
cvelist
CVE-2023-4862 File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
2023-10-16 19:38:56
nvd
nvd
CVE-2023-4862
2023-10-16 20:15:17
wpvulndb
wpvulndb
File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
2023-09-19 00:00:00
wpexploit
wpexploit
File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
2023-09-19 00:00:00
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.1%
Related for CVE-2023-4862