Vulnerabilities > Media File Manager Project

DATE CVE VULNERABILITY TITLE RISK
2019-01-31 CVE-2018-19043 Path Traversal vulnerability in Media File Manager Project Media File Manager 1.4.2
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
network
low complexity
media-file-manager-project CWE-22
5.0
2019-01-31 CVE-2018-19042 Path Traversal vulnerability in Media File Manager Project Media File Manager 1.4.2
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.
network
low complexity
media-file-manager-project CWE-22
5.0
2019-01-31 CVE-2018-19041 Cross-site Scripting vulnerability in Media File Manager Project Media File Manager 1.4.2
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
4.3
2019-01-31 CVE-2018-19040 Path Traversal vulnerability in Media File Manager Project Media File Manager 1.4.2
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
network
low complexity
media-file-manager-project CWE-22
5.0