Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-16363 PoC — WordPress mndpsingh287 File Manager插件跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-16363.yaml
Associated Vulnerability
Title:WordPress mndpsingh287 File Manager插件跨站脚本漏洞 (CVE-2018-16363)
Description:The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php.
Description
WordPress File Manager plugin before 3.0 is vulnerable to authenticated reflected cross-site scripting (XSS) via the lang parameter in the admin dashboard. The parameter is directly echoed into a JavaScript context without proper sanitization.
File Snapshot

 id: CVE-2018-16363

info:
  name: WordPress File Manager < 3.0 - Cross-Site Scripting
  author: Shiv

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →