228 matches found
CVE-2021-4359
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfmdeletefile AJAX action. This makes it possible for...
CVE-2021-4351
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...
CVE-2021-4344
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...
CVE-2021-4350
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfmsendfileinemail AJAX action. This makes it possible for unauthenticated attackers to send emails usin...
PT-2024-10575 · Unknown · N-Media Post Front-End Form +1
Name of the Vulnerable Software and Affected Versions: Frontend File Manager versions prior to 4.0 N-Media Post Front-end Form versions prior to 1.1 Description: The issue allows unauthenticated attackers to upload arbitrary files on the server due to missing file type validation via the nm...
WordPress plugin Frontend File Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
VulnCheck KEV: CVE-2016-15042
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible...
CVE-2024-25903
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7...
CVE-2024-25903
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7...
CVE-2024-25903 WordPress Frontend File Manager Plugin plugin <= 22.7 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7...
CVE-2024-25903 WordPress Frontend File Manager Plugin plugin <= 22.7 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7...
CVE-2024-25903
CVE-2024-25903 affects the WordPress Frontend File Manager plugin (Frontend File Manager). Public documentation indicates an information-disclosure vulnerability where unauthenticated actors can access user-uploaded files, with affected versions up to 22.7. The issue stems from exposure of sensit...
WordPress Plugin Frontend File Manager Plugin Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-5105
The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php...
CVE-2023-5105 Frontend File Manager < 22.6 - Editor+ Arbitrary File Download
The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php...
WordPress plugin Frontend File Manager Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
Frontend File Manager < 22.7 - Editor+ Arbitrary File Download
Description The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php PoC 1 Create new post with this shortcode - ffmwp 2 Go to new post and upload any file 3 After that go to main page of plugin for users...
Frontend File Manager < 22.7 - Editor+ Arbitrary File Download
Description The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php 1 Create new post with this shortcode - ffmwp 2 Go to new post and upload any file 3 After that go to main page of plugin for users...
WordPress Frontend File Manager Plugin < 22.6 is vulnerable to Arbitrary File Download
Software Frontend File Manager Type Plugin Vulnerable versions 22.6 Fixed in 22.6 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2023-5105 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 66e0e4c68ed0 Credits Dmitrii Ignatyev...
WordPress Plugin Frontend File Manager Security Bypass Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security bypass vulnerability exists in the WordPress plugin Frontend File Manager, which is caused by a lack of authentication protection,...