WordPress File Management Plugin Riddled with Critical Bugs
Quote: A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts.
 
The bug is one of six critical flaws impacting the WordPress plugin Front File Manager versions 17.1 and 18.2, active on more than 2,000 websites. Each of the flaws, publicly disclosed Monday, has available patches.
 
The bugs open sites running the plugin to a broad range of remote code execution attacks, giving adversaries the ability to change or delete posts, set up a spam relay, achieve privilege escalation, and carry out stored cross-site scripting (XSS) attacks, according to researchers from the Ninja Technologies Network.
 
The WordPress plugin is designed to allow users to upload files to a website admin. Each file is saved in a private directory, so each user can manage their own files after login.

Read more: WordPress File Management Plugin Riddled with Critical Bugs | Threatpost