CVE-2022-3126

🗓️ 17 Oct 2022 00:00:00Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 60 Views🌐 WEB

The Frontend File Manager Plugin WordPress plugin before 21.4 allows CSRF upload attacks

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2022-3126	17 Oct 202216:13	–	circl
CNNVD	WordPress Plugin Frontend File Manager 跨站请求伪造漏洞	17 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-3126 Frontend File Manager < 21.4 - File Upload via CSRF	17 Oct 202200:00	–	cvelist
EUVD	EUVD-2022-42553	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3126	17 Oct 202212:15	–	nvd
OSV	CVE-2022-3126	17 Oct 202212:15	–	osv
Patchstack	WordPress Frontend File Manager plugin <= 21.3 - File Upload via Cross-Site Request Forgery (CSRF) vulnerability	26 Sep 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	17 Oct 202212:15	–	prion
Positive Technologies	PT-2022-20647 · WordPress · Frontend File Manager Plugin	17 Oct 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-3126	22 May 202522:53	–	redhatcve

NVD

Vulners

Node

najeebmedia frontend_file_manager_pluginRange<21.4wordpress

[
  {
    "vendor": "Unknown",
    "product": "Frontend File Manager Plugin",
    "versions": [
      {
        "version": "21.4",
        "status": "affected",
        "lessThan": "21.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8

Parameter	Position	Path	Description	CWE
file	request body	wp-admin/admin-ajax.php?action=wpfm_upload_file	CSRF in Frontend File Manager Plugin allows logged-in users to upload files without CSRF checks	CWE-352
_file	request body	wp-admin/admin-ajax.php?action=wpfm_upload_file	CSRF in Frontend File Manager Plugin allows logged-in users to upload files without CSRF checks	CWE-352

14 May 2025 16:15Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

EPSS0.00103

SSVC

CWE-352