Vulnerabilities > Webdesi9 > File Manager > 6.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-05 | CVE-2024-0761 | Use of Insufficiently Random Values vulnerability in Webdesi9 File Manager The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. | 7.5 |
2021-04-05 | CVE-2021-24177 | Cross-site Scripting vulnerability in Webdesi9 File Manager In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. | 3.5 |