Lucene search
WpvulndbWPVDB-ID:50BD65B2-B546-47C0-8CDC-2E650319744CHistorySep 17, 2018 - 12:00 a.m.
File Manager < 3.1 - CSRF to Stored Cross-Site Scripting
2018-09-1700:00:00
wpscan.com
6
0.003 Low
EPSS
Percentile
69.5%
The plugin is lacking CSRF as well as sanitisation checks, allowing attackers to perform CSRF attacks against logged in administrators and set an XSS payload in the public_path setting.
PoC
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-file-manager | lt | 3.1 |
Related
openvas
openvas
WordPress File Manager Plugin <= 3.0 Multiple Vulnerabilities
2019-04-17 00:00:00
wpexploit
wpexploit
File Manager < 3.1 - CSRF to Stored Cross-Site Scripting
2018-09-17 00:00:00
nvd
nvd
CVE-2018-16966
2019-04-15 21:29:00
CVE-2018-16967
2019-04-15 21:29:00
prion
prion
Cross site request forgery (csrf)
2019-04-15 21:29:00
Cross site scripting
2019-04-15 21:29:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-07-08 12:28:25
Cross-Site Scripting (XSS)
2019-07-08 12:28:24
cvelist
cvelist
CVE-2018-16966
2019-04-15 20:37:26
CVE-2018-16967
2019-04-15 20:39:53
cve
cve
CVE-2018-16966
2019-04-15 21:29:00
CVE-2018-16967
2019-04-15 21:29:00