EPSS: 0.003 (Low)
Percentile: 69.5%
The plugin lacks both CSRF and sanitisation checks, allowing attackers to perform CSRF attacks against logged-in administrators and set an XSS payload in the public_path setting.
ansawaf.blogspot.com/2019/04/file-manager-plugin-wordpress-plugin.html