Media File Manager plugin for WordPress exploited

A vulnerability was discovered in the Media File Manager plugin version 1.4.2 for WordPress. It allows directory traversal and the initiation of a remote cross-site scripting (XSS) attack via the dir parameter of the mrelocator_getdir function of the file wp-admin/admin-ajax.php. A working exploit has been disclosed.

The CVE ID that was assigned to this vulnerability is: CVE-2018-19041

The Media File Manager plugin for WordPress helps to organize the WordPress Media Library. Uploaded files can be renamed, previewed, deleted and moved to other folders. The plugin can be utilized by administrators, authors, contributors and subscribers.

 

Mitigation

The plugin has been removed from the WordPress plugin repository. There is currently no known mitigation, and it is recommended that the plugin be permanently deleted from your WordPress installation.
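
An added example, not part of the original advisory or the plugin's code: a check of web server access logs for requests to the endpoint described above, flagging dir values that contain traversal segments or markup characters. It assumes combined-format logs, that the function name is sent as the action query parameter, and that parameters appear in the query string (POST bodies are not logged); the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format entry, a ".." path segment, markup chars.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
MARKUP_RE = re.compile(r'[<>"]')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the set of findings for one log line (empty if unrelated)."""
    match = REQUEST_RE.search(line)
    url = urlsplit(match.group(1)) if match else None
    if url is None or not url.path.endswith("/wp-admin/admin-ajax.php"):
        return set()
    params = parse_qs(url.query, keep_blank_values=True)
    # Assumption: the advisory's function name is sent as the "action" value.
    if "mrelocator_getdir" not in params.get("action", []):
        return set()
    findings = {"plugin-endpoint"}
    for value in map(fully_decode, params.get("dir", [])):
        if TRAVERSAL_RE.search(value):
            findings.add("traversal")
        if MARKUP_RE.search(value):
            findings.add("markup")
    return findings

def scan(lines):
    """Map 1-based line numbers to sorted findings, skipping clean lines."""
    hits = {n: sorted(classify(l)) for n, l in enumerate(lines, 1)}
    return {n: found for n, found in hits.items() if found}

# Constructed sample log lines (documentation address range, not real traffic).
PREFIX = '192.0.2.10 - - [01/Jan/2019:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?'
SAMPLE_LOG = [
    PREFIX + 'action=heartbeat HTTP/1.1" 200 12',
    PREFIX + 'action=mrelocator_getdir&dir=%2F2019%2F01%2F HTTP/1.1" 200 340',
    PREFIX + 'action=mrelocator_getdir&dir=..%252F..%252F HTTP/1.1" 200 512',
    PREFIX + 'action=mrelocator_getdir&dir=%3Cb%3E HTTP/1.1" 200 97',
]
```

A line tagged only plugin-endpoint still shows that the plugin is installed and being called, which is reason enough to act on the removal advice above.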

 
