Lucene search
PRIOn knowledge basePRION:CVE-2021-4359HistoryJun 07, 2023 - 2:15 a.m.
Authentication flaw
2023-06-0702:15:00
PRIOn knowledge base
www.prio-n.com
2
wordpress
frontend file manager
vulnerability
post deletion
unauthenticated attackers
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site.
| CPE | Name | Operator | Version |
|---|---|---|---|
| frontend_file_manager_plugin | le | 18.2 |
References
blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/
plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=
www.wordfence.com/threat-intel/vulnerabilities/id/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=cve
Related
nvd
nvd
CVE-2021-4359
2023-06-07 02:15:14
cvelist
cvelist
CVE-2021-4359
2023-06-07 01:51:29
cve
cve
CVE-2021-4359
2023-06-07 02:15:14