[ad_1]
The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.
A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts.
The bug is one of six critical flaws impacting the WordPress plugin Front File Manager versions 17.1 and 18.2, active on more than 2,000 websites. Each of the flaws, publicly disclosed Monday, have available…
More Info
