CVE-2021-24177

CVE-2021-24177: WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)

Vendor Unknown
Product File Manager
Weakness CWE-79 · XSS
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated