CVE-2018-16363
Published: Sep 7, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://blog.51cto.com/010bjsoft/2171087
x_refsource_MISC
https://plugins.trac.wordpress.org/changeset/1936043
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9126
x_refsource_MISC
https://wordpress.org/support/topic/security-concern-6/#post-10655739
x_refsource_CONFIRM