Sindbad~EG File Manager

{"CVE_ID":"CVE-2022-43504","versionEndExcluding":"6.0.3","description":"Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature."}
{"CVE_ID":"CVE-2022-43497","versionEndExcluding":"6.0.3","description":"Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script ."}
{"CVE_ID":"CVE-2011-1762","versionEndExcluding":"3.1.2","description":"A flaw exists in Wordpress related to the 'wp-admin\/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission."}
{"CVE_ID":"CVE-2022-3590","versionEndExcluding":"","description":"WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden."}
{"CVE_ID":"CVE-2023-2745","versionEndExcluding":"","description":"WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the \u2018wp_lang\u2019 parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack."}