Lucene search

WordfenceCVELIST:CVE-2021-4344

HistoryJun 07, 2023 - 1:51 a.m.

CVE-2021-4344

2023-06-0701:51:15

Wordfence

www.cve.org

wordpress

plugin

privilege escalation

vulnerable

user ids

unauthenticated

authenticated

attackers

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.7%

JSON

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access the information and privileges of other users, including ‘guest users’, in their own category (authenticated, or unauthenticated guests).

CNA Affected

[
  {
    "vendor": "nmedia",
    "product": "Frontend File Manager Plugin",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThan": "18.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/

www.wordfence.com/threat-intel/vulnerabilities/id/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=cve

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.7%

JSON

Related for CVELIST:CVE-2021-4344