CVE-2018-19040
CVE-2018-19040 affects the WordPress Media File Manager plugin (version 1.4.2 and earlier). The vulnerability is a directory traversal via the dir parameter in the mrelocator_getdir action called through wp-admin/admin-ajax.php, enabling directory listing (and per later sources, may lead to broad...