3141 matches found
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
Design/Logic Flaw
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
UBUNTU-CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
UBUNTU-CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
Design/Logic Flaw
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
CVE-2022-3125 Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
CVE-2022-3125
The CVE-2022-3125 entry concerns the WordPress Frontend File Manager plugin (versions prior to 21.3). The vulnerability arises from allowing any authenticated user (e.g., a subscriber) to rename an uploaded file to an arbitrary extension (such as PHP), which could enable uploading of arbitrary fi...
CVE-2022-3124 Frontend File Manager < 21.3 - Unauthenticated File Renaming
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
CVE-2022-3124
CVE-2022-3124: The Frontend File Manager WordPress plugin, up to version 21.3, allows any unauthenticated user to rename files uploaded by users. The issue stems from insufficient validation in the destination filename, which could enable an attacker to alter the content of arbitrary files on th...
EUVD-2022-42551
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
WordPress plugin Frontend File Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
PT-2022-20638 · WordPress · Frontend File Manager Plugin
Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin WordPress plugin versions prior to 21.3 Description: The issue allows any authenticated users to rename a file to an arbitrary extension, such as PHP, which could enable them to upload arbitrary files on the serve...
PT-2022-20633
Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin WordPress plugin versions prior to 21.3 Description: The issue allows any unauthenticated user to rename uploaded files from users. Due to the lack of validation in the destination filename, this could allow them to...
WordPress plugin Frontend File Manager code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Frontend File Manager versions prior to 21.3 are vulnerable to arbitrary file uploads, whi...
WordPress Frontend File Manager plugin <= 21.3 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScan in WordPress Frontend File Manager plugin versions <= 21.3. Solution: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.4)...
WordPress Frontend File Manager plugin <= 21.3 - File Upload via Cross-Site Request Forgery (CSRF) vulnerability
File Upload via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Raad Haddad Cloudyrion GmbH in the WordPress Frontend File Manager plugin versions <= 21.3. Solution: Update the WordPress Frontend File Manager plugin to the latest available version (at least 21.4)...
Frontend File Manager < 21.4 - File Upload via CSRF
The plugin does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. PoC: The file won't show up via the frontend/backend, but will be uploaded in the user folder, i.e. in wp-content/uploads/useruploads//payload.pdf...
Frontend File Manager < 21.4 - Arbitrary Settings Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. As the plugin does not validate the allowed file type, this could lead to attackers making admins allow PHP files to be uploaded by any...