Lucene search

[email protected]NVD:CVE-2021-4359

HistoryJun 07, 2023 - 2:15 a.m.

CVE-2021-4359

2023-06-0702:15:14

CWE-862

[email protected]

web.nvd.nist.gov

wordpress

frontend file manager

vulnerability

unauthenticated

post deletion

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

48.5%

JSON

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site.

Affected configurations

Nvd

Node

najeebmediafrontend_file_manager_pluginRange≤18.2wordpress

VendorProductVersionCPE
najeebmediafrontend_file_manager_plugin*cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
najeebmedia	frontend_file_manager_plugin	*	cpe:2.3:a:najeebmedia:frontend_file_manager_plugin::::::wordpress::*

References

blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=cve

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

48.5%

JSON

Related for NVD:CVE-2021-4359

prion1 cvelist1 cve1