Unrated severityNVD Advisory· Published Apr 5, 2021· Updated Aug 3, 2024
WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)
CVE-2021-24177
Description
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/File Managerdescription
- Range: <7.1
Patches
Vulnerability mechanics
References
3- n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/mitrex_refsource_MISC
- plugins.trac.wordpress.org/changeset/2476829/mitrex_refsource_MISC
- wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.