2 matches found
CVE-2018-19042
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dirfrom and dirto parameters of an mrelocatormove action to the wp-admin/admin-ajax.php URI...
CVE-2018-19042
CVE-2018-19042 affects the WordPress Media File Manager plugin (v1.4.2) via a directory traversal in mrelocator_move that lets an attacker move arbitrary files using dir_from/dir_to parameters to wp-admin/admin-ajax.php. OpenVAS and related entries flag multiple vulnerabilities in