2 matches found
CVE-2022-0403
CVE-2022-0403 relates to the WordPress plugin Library File Manager (up to version 5.2.3) using an outdated elFinder library that is vulnerable (CVE-2021-32682). The root cause is lack of authorization and CSRF protection in the connector AJAX action, allowing any authenticated user, even at Subsc...
CVE-2017-20091
The CVE-2017-20091 entry concerns the WordPress File Manager Plugin version 3.0.1, where a cross-site request forgery (CSRF) vulnerability exists due to missing or improper request/token validation. The issue enables remote initiation of CSRF actions against the plugin, with the attack affecting ...