CVE-2022-0403

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users,...

EUVD-2022-15548

Malicious code in bioql PyPI...

WordPress Library File Manager plugin跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Library File Manager plugin has a cross-site request forgery vulnerability, which stems from the fact that the plugin uses a...

CVE-2022-0403

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users,...

CVE-2022-0403

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users,...

CVE-2022-0403

CVE-2022-0403 relates to the WordPress plugin Library File Manager (up to version 5.2.3) using an outdated elFinder library that is vulnerable (CVE-2021-32682). The root cause is lack of authorization and CSRF protection in the connector AJAX action, allowing any authenticated user, even at Subsc...

WordPress plugin Library File Manager 代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Library File Manager plugin has a cross-site request forgery vulnerability, which stems from the fact that the plugin uses a...

WordPress Library File Manager plugin <= 5.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Library File Manager plugin versions = 5.2.2. Solution Update the WordPress Library File Manager plugin to the latest available version at least 5.2.3...

Library File Manager < 5.2.3 - Subscriber+ Arbitrary File Creation/Upload/Deletion

The plugin is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, a...

WordPress Library File Manager plugin <= 5.2.2 - Arbitrary File Creation/Upload/Deletion vulnerability

Arbitrary File Creation/Upload/Deletion vulnerability discovered by Luan Pedersni in WordPress Library File Manager plugin versions = 5.2.2. Solution Update the WordPress Library File Manager plugin to the latest available version at least 5.2.3...