223 matches found
CVE-2021-4359 Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfmdeletefile AJAX action. This makes it possible for...
CVE-2021-4359
The Frontend File Manager plugin for WordPress (up to v18.2) is vulnerable to unauthenticated arbitrary post deletion due to missing authentication protections and a security nonce on the wpfm_delete_file AJAX action. This allows unauthenticated attackers to delete posts and pages on the site. Th...
CVE-2021-4356
The CVE-2021-4356 entry pertains to the WordPress Frontend File Manager plugin. Connected sources confirm a vulnerability in the wpfm_file_meta_update AJAX action that permits unauthenticated arbitrary file downloads, due to missing authentication protections, capability checks, and input sanitiz...
CVE-2021-4351 Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...
CVE-2021-4351
The CVE-2021-4351 entry concerns the WordPress Frontend File Manager plugin. Affected software: Frontend File Manager plugin for WordPress, versions up to and including 18.2. Vulnerability details: unauthenticated access allows changes to post/page metadata via the wpfm_file_meta_update AJAX acti...
CVE-2021-4350
The CVE-2021-4350 entry concerns the Frontend File Manager WordPress plugin. Affects versions up to 18.2 and is caused by missing authentication on the wpfm_send_file_in_email AJAX action, enabling unauthenticated users to send emails with a crafted subject, recipient, and HTML body, effectively ...
CVE-2021-4344 Frontend File Manager <= 18.2 - Privilege Escalation
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access th...
CVE-2021-4344
Summary (CVE-2021-4344): The WordPress plugin Frontend File Manager up to version 18.2 is vulnerable to a privilege escalation due to improper handling of user IDs accessible by visitors. This can allow unauthenticated or authenticated attackers to access information and privileges of other users...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security bypass vulnerability exists in the WordPress plugin Frontend File Manager, which is caused by a lack of authentication protection,...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-12480 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue arises from lacking authorization protections, checks against users editing other's posts, and a missing security nonce on the "wpfm edit fi...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-12448 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to a lack of proper handling of user IDs, making it accessible to visitors. This allows unauthenticated or authenticated attacker...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-12465
Name of the Vulnerable Software and Affected Versions Frontend File Manager plugin for WordPress versions up to and including 18.2 Description The issue is related to a lack of authentication protections, capability checks, and sanitization in the wpfm file meta update AJAX action. This allows...
PT-2023-12460 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to and including 18.2 Description: The issue arises from lacking authentication protections, capability checks, and sanitization on the wpfm file meta update AJAX action. This allows...
WordPress Plugin Frontend File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-12479 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to lacking capability checks and a security nonce in the wpfm save settings AJAX action. This allows subscriber-level attackers t...
PT-2023-12476 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to Unauthenticated Stored Cross-Site Scripting due to lacking authentication protections and sanitization on the wpfm edit file...