CVE-2021-24177

Name of the Vulnerable Software and Affected Versions: File Manager WordPress plugin versions prior to 7.1

Description: A Reflected XSS issue can occur in the default configuration of the plugin when a payload is submitted on the User-Agent parameter. This payload is then reflected back on the web application response, specifically on the endpoint "/wp-admin/admin.php?page=wp file manager properties".

Recommendations: For versions prior to 7.1, update to version 7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin.php?page=wp file manager properties" endpoint to minimize the risk of exploitation. Avoid using malicious payloads in the User-Agent parameter until the issue is resolved.