11 matches found
CVE-2026-39640
Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor (theme-editor) allows Code Injection. This issue affects Theme Editor: from n/a through = 3.2...
EUVD-2023-58347
Malicious code in bioql PyPI...
CVE-2020-24312
Summary: WordPress File Manager (wp-file-manager) plugin versions ≤ 6.4 are vulnerable to a backup disclosure due to failing to restrict access to the fm_backups directory via .htaccess, allowing unauthenticated users to browse/download site backups (potentially full database backups). Root cause...
Cross-Site Request Forgery (CSRF)
The mndpsingh287 File Manager plugin for WordPress is vulnerable to cross-site request forgery (CSRF). An attacker is able to submit requests on behalf of a victim when the user visits a malicious web page...
Cross-site scripting
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter...
CVE-2018-16967
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter...
CVE-2018-16967
CVE-2018-16967 concerns a reflected XSS in the mndpsingh287 File Manager plugin for WordPress (v3.0) exploitable via the public_path parameter on the wp_file_manager_root page. Multiple sources reiterate that an attacker can inject arbitrary JavaScript through this parameter, potentially affectin...
CVE-2018-16966
CVE-2018-16966 concerns the WordPress plugin “mndpsingh287 File Manager” (v3.0) where a CSRF vulnerability exists via the page=wp_file_manager_root public_path parameter. The issue allows an attacker to trigger actions on behalf of a logged-in user (requires user interaction per CVSS3) without au...
CVE-2018-16966
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter...
WordPress mndpsingh287 File Manager plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports personal blog sites set up on servers running PHP and MySQL. mndpsingh287 File Manager is a file management plugin used with it. A cross-site scripting vulnerability exists in t...
CVE-2018-16363
CVE-2018-16363 affects the WordPress plugin mndpsingh287 File Manager (v2.9) and is triggered via the lang parameter in the admin interface (wp-admin/admin.php?page=wp_file_manager). The root cause is the use of set_transient in file_folder_manager.php and an echo of the lang value in lib/wpfilem...