CVE-2021-4344
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.6%
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access the information and privileges of other users, including ‘guest users’, in their own category (authenticated, or unauthenticated guests).
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nmedia | member_conversation | * | cpe:2.3:a:nmedia:member_conversation:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "nmedia",
"product": "Frontend File Manager Plugin",
"versions": [
{
"version": "*",
"status": "affected",
"lessThan": "18.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.6%