Mndpsingh287

**Name of the Vulnerable Software and Affected Versions** File Manager plugin for WordPress versions up to, and including, 3.0 **Description** The issue is related to a missing capability check in the /inc/root.php file, which allows unauthenticated attackers to bypass authorization. This enables them to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution. The API endpoint /inc/root.php is affected. **Recommendations** For versions up to, and including, 3.0, update to a version that includes a fix for the missing capability check in the /inc/root.php file to prevent authorization bypass and potential remote code execution. As a temporary workaround, consider restricting access to the /inc/root.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mndpsingh287 File Manager plugin version 2.9 **Description** The issue concerns a cross-site scripting (XSS) problem. It occurs via the `lang` parameter in a "wp-admin/admin.php?page=wp file manager" request. This happens because `set transient` is used in file folder manager.php, and there is an echo of `lang` in libwpfilemanager.php. **Recommendations** For version 2.9, consider disabling the `lang` parameter in the "wp-admin/admin.php?page=wp file manager" request until a patch is available. Restrict access to the libwpfilemanager.php file to minimize the risk of exploitation. Avoid using the `lang` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.