223 matches found
PT-2023-12459 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to Unauthenticated HTML Injection due to lacking authentication protections on the wpfm send file in email AJAX action. This allo...
WordPress Plugin Frontend File Manager Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2023-12468 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue arises from lacking authentication protections and a security nonce on the wpfm delete file AJAX action, allowing unauthenticated attackers ...
CVE-2022-3126
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf...
Cross-site request forgery (CSRF)
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf...
CVE-2022-3126 Frontend File Manager < 21.4 - File Upload via CSRF
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf...
CVE-2022-3126
CVE-2022-3126 concerns the WordPress plugin Frontend File Manager (prior to version 21.4). The issue is a missing CSRF check during file uploads, enabling an attacker to cause a logged-in user to upload files on the attacker’s behalf. Documented impact is limited to file upload behavior with no b...
PT-2022-20647 · WordPress · Frontend File Manager Plugin
Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin WordPress plugin versions prior to 21.4 Description: The issue concerns a lack of CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. Recommendations:...
WordPress Plugin Frontend File Manager Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
WordPress Frontend File Manager Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Frontend File Manager versions prior to 21.3 are vulnerable to arbitrary file uploads, whi...
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
UBUNTU-CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
CVE-2022-3125
The CVE-2022-3125 entry concerns the WordPress Frontend File Manager plugin (versions prior to 21.3). The vulnerability arises from allowing any authenticated user (e.g., a subscriber) to rename an uploaded file to an arbitrary extension (such as PHP), which could enable uploading of arbitrary fi...
CVE-2022-3125 Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...
CVE-2022-3124 Frontend File Manager < 21.3 - Unauthenticated File Renaming
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
EUVD-2022-42551
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...