CVE-2020-24312
- EPSS 51.62%
- Published 26.08.2020 13:15:10
- Last modified 24.03.2025 14:32:35
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include fu...
CVE-2018-16966
- EPSS 0.24%
- Published 15.04.2019 21:29:00
- Last modified 21.11.2024 03:53:36
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
CVE-2018-16967
- EPSS 0.35%
- Published 15.04.2019 21:29:00
- Last modified 21.11.2024 03:53:36
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
CVE-2018-16363
- EPSS 1.61%
- Published 07.09.2018 22:29:01
- Last modified 21.11.2024 03:52:36
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php...