CVE-2018-16363

The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in libwpfilemanager.php.
References
Configurations

Configuration 1

cpe:2.3:a:webdesi9:file_manager:2.9:*:*:*:*:wordpress:*:*

Information

Published : 2018-09-07 10:29

Updated : 2018-11-06 08:28


NVD link : CVE-2018-16363

Mitre link : CVE-2018-16363

Products Affected
No products.
CWE