CVE-2018-16967
CVE-2018-16967 concerns a reflected XSS in the mndpsingh287 File Manager plugin for WordPress (v3.0) exploitable via the public_path parameter on the wp_file_manager_root page. Multiple sources reiterate that an attacker can inject arbitrary JavaScript through this parameter, potentially affectin...