3141 matches found
CVE-2021-4365
The CVE-2021-4365 entry pertains to the Frontend File Manager plugin for WordPress. It is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 18.2 due to missing authentication protections and improper sanitization on the wpfm_edit_file_title_desc AJAX action...
CVE-2021-4365 Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and santisation all on the wpfmeditfiletitledesc AJAX action. This makes it possible for...
CVE-2021-4359 Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfmdeletefile AJAX action. This makes it possible for...
CVE-2021-4359 Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfmdeletefile AJAX action. This makes it possible for...
CVE-2021-4359
The Frontend File Manager plugin for WordPress (up to v18.2) is vulnerable to unauthenticated arbitrary post deletion due to missing authentication protections and a security nonce on the wpfm_delete_file AJAX action. This allows unauthenticated attackers to delete posts and pages on the site. Th...
CVE-2021-4356
The CVE-2021-4356 entry pertains to the WordPress Frontend File Manager plugin. Connected sources confirm a vulnerability in the wpfm_file_meta_update AJAX action that permits unauthenticated arbitrary file downloads, due to missing authentication protections, capability checks, and input sanitiz...
CVE-2021-4356 Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible...
CVE-2021-4351 Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...
CVE-2021-4351
The CVE-2021-4351 entry concerns the WordPress Frontend File Manager plugin. Affected software: Frontend File Manager plugin for WordPress, versions up to and including 18.2. Vulnerability details: unauthenticated access allows changes to post/page metadata via the wpfm_file_meta_update AJAX acti...
CVE-2021-4350
The CVE-2021-4350 entry concerns the Frontend File Manager WordPress plugin. Affects versions up to 18.2 and is caused by missing authentication on the wpfm_send_file_in_email AJAX action, enabling unauthenticated users to send emails with a crafted subject, recipient, and HTML body, effectively ...
CVE-2021-4350 Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfmsendfileinemail AJAX action. This makes it possible for unauthenticated attackers to send emails usin...
CVE-2021-4344 Frontend File Manager <= 18.2 - Privilege Escalation
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...
CVE-2021-4344
Summary (CVE-2021-4344): The WordPress plugin Frontend File Manager up to version 18.2 is vulnerable to a privilege escalation due to improper handling of user IDs accessible by visitors. This can allow unauthenticated or authenticated attackers to access information and privileges of other users...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security bypass vulnerability exists in the WordPress plugin Frontend File Manager, which is caused by a lack of authentication protection,...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Plugin Frontend File Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2023-12468 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue arises from lacking authentication protections and a security nonce on the wpfm delete file AJAX action, allowing unauthenticated attackers ...