Media File Manager Project Media File Manager vulnerabilities
4 known vulnerabilities affecting media_file_manager_project/media_file_manager.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2018-19043P3MEDIUMCVSS 5.3PoCv1.4.22019-01-31
CVE-2018-19043 [MEDIUM] CWE-22 CVE-2018-19043: The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
nvd
CVE-2018-19042P3MEDIUMCVSS 5.3PoCv1.4.22019-01-31
CVE-2018-19042 [MEDIUM] CWE-22 CVE-2018-19042: The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.
nvd
CVE-2018-19040P3MEDIUMCVSS 5.3PoCv1.4.22019-01-31
CVE-2018-19040 [MEDIUM] CWE-22 CVE-2018-19040: The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory trave
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
nvd
CVE-2018-19041P3MEDIUMCVSS 6.1PoCv1.4.22019-01-31
CVE-2018-19041 [MEDIUM] CWE-79 CVE-2018-19041: The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
nvd