CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16363 – File Manager <= 2.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-16363
06 Sep 2018 — The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. El plugin mndpsingh287 File Manager V2.9 para WordPress tiene Cross-Site Scripting (XSS) mediante el parámetro lang en una petición wp-admin/admin.php?page=wp_file_manager debido a que se emplea set_transient en file_folder_manager.php y hay un eco de lang en ... • http://blog.51cto.com/010bjsoft/2171087 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7204 – Bit File Manager <= 5.0.0 - Information Disclosure
https://notcve.org/view.php?id=CVE-2018-7204
02 Mar 2018 — inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites. inc/logger.php en el plugin Giribaz File Manager, en versiones anteriores a la 5.0.2, para ... • https://plugins.trac.wordpress.org/changeset/1823035/file-manager • CWE-532: Insertion of Sensitive Information into Log File •