CVE-2023-4862 — Cross-site Scripting in Filester

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 76.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 16

Description

The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

CVEList

File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting↗2023-10-16

▶

GHSA

GHSA-x7gg-f2xv-xw56: The File Manager Pro WordPress plugin before 1↗2023-10-16

▶