CVE-2018-19043
CVE-2018-19043 affects the WordPress Media File Manager plugin up to version 1.4.2. The vulnerability arises from a directory traversal in the dir parameter of the mrelocator_rename action, allowing arbitrary file renaming via requests to wp-admin/admin-ajax.php. The root cause is insufficient va...