Vulnerabilities > Webdesi9 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-05 | CVE-2021-24177 | Cross-site Scripting vulnerability in Webdesi9 File Manager In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. | 5.4 |
| 2017-12-19 | CVE-2017-17744 | Cross-site Scripting vulnerability in Webdesi9 Custom MAP 1.0/1.0.1/1.1 A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php. | 6.1 |