cleantalk
Vulnerabilities and Security Researches

File Manager, CVE-2018-16363

CVE, Research URL

CVE-2018-16363

Home page URL

Security reports for File Manager

Application

File Manager

Published on
Sep 08, 2018
Research Description
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php.
Affected versions
max 3.0.
Status
vulnerable
Previous vulnerability researches
File Manager (CVE-2024-37254) , Jul 01, 2024
File Manager (CVE-2018-16966) , Jun 06, 2024
File Manager (CVE-2024-0761) , Jun 06, 2024
File Manager (CVE-2023-6825) , Jun 06, 2024
File Manager (CVE-2021-24177) , Jun 06, 2024
New vulnerability
Contact Form 7 Database Addon – CFDB7 , Feb 17, 2026
GoSMTP – SMTP for WordPress , Feb 17, 2026
User Role Editor , Feb 16, 2026
Post Types Order , Feb 11, 2026
Code Snippets , Feb 09, 2026