EPSS
Percentile
39.5%
The mndpsingh287 file manager plugin is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the public_path parameter in the wp_file_manager_root page.
public_path
wp_file_manager_root
ansawaf.blogspot.com/2019/04/file-manager-plugin-wordpress-plugin.html
wordpress.org/plugins/wp-file-manager/#developers
wpvulndb.com/vulnerabilities/9614