WordPress File Manager < 3.0 - Cross-Site Scripting
WordPress File Manager plugin before 3.0 is vulnerable to authenticated reflected cross-site scripting (XSS) via the lang parameter in the admin dashboard. The parameter is echoed directly into a JavaScript context without proper sanitization. id: CVE-2018-16363 info: name: WordPress File Manager 3...
CVE-2018-16363
CVE-2018-16363 affects the WordPress plugin mndpsingh287 File Manager (v2.9) and is triggered via the lang parameter in the admin interface (wp-admin/admin.php?page=wp_file_manager). The root cause is the use of set_transient in file_folder_manager.php and an echo of the lang value in lib/wpfilem...