A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts. The bug is one of six critical flaws impacting the WordPress plugin Front File Manager versions 17.1 and 18.2, active on more than 2,000 websites.

Read full article on Threat Post