Lucene search

[email protected]NVD:CVE-2022-3126

HistoryOct 17, 2022 - 12:15 p.m.

CVE-2022-3126

2022-10-1712:15:10

CWE-352

[email protected]

web.nvd.nist.gov

wordpress

csrf

file upload

security vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

25.9%

JSON

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf

Affected configurations

Nvd

Node

najeebmediafrontend_file_manager_pluginRange<21.4wordpress

VendorProductVersionCPE
najeebmediafrontend_file_manager_plugin*cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
najeebmedia	frontend_file_manager_plugin	*	cpe:2.3:a:najeebmedia:frontend_file_manager_plugin::::::wordpress::*

References

wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

25.9%

JSON

Related for NVD:CVE-2022-3126

wpvulndb1 cvelist1 prion1 patchstack1 cve1 wpexploit1