Lack of sanitisation in the lang parameter in the admin dashboard could allow attacker to perform reflected XSS attacks against logged in administrators
https://example.com/wp-admin/admin.php?page=wp_file_manager〈=zh_CNalert(`XSS`)
CPE | Name | Operator | Version |
---|---|---|---|
wp-file-manager | lt | 3.0 |