Reflected Cross-Site Scripting Vulnerability in File Manager Pro Plugin by WordPress
CVE-2023-7015
6.1MEDIUM
Summary
The File Manager Pro plugin for WordPress has a vulnerability allowing unauthenticated attackers to exploit insufficient input sanitization and output escaping through the 'tb' parameter. This weakness enables attackers to inject arbitrary web scripts into pages. If a user is tricked into clicking a malicious link, the injected scripts could execute in their browser, potentially compromising user data and site integrity.
Affected Version(s)
File Manager Pro * <= 8.3.4
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tobias Weißhaar