3 matches found
CVE-2022-0403
The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users,...
CVE-2022-0403
The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users,...
CVE-2022-0403
CVE-2022-0403 relates to the WordPress plugin Library File Manager (up to version 5.2.3) using an outdated elFinder library that is vulnerable (CVE-2021-32682). The root cause is lack of authorization and CSRF protection in the connector AJAX action, allowing any authenticated user, even at Subsc...