
223 matches found

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-12459 · WordPress · Frontend File Manager

Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to Unauthenticated HTML Injection due to lacking authentication protections on the wpfm send file in email AJAX action. This allo...

CVSS 7.2 · AI score 5.4 · EPSS 0.00672
Exploits: 1 · References: 4

CNNVD
added 2023/06/07 12:0 a.m. · 6 views

WordPress Plugin Frontend File Manager Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 7.2 · AI score 6.3 · EPSS 0.00758
Exploits: 1 · References: 4

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-12468 · WordPress · Frontend File Manager

Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue arises from lacking authentication protections and a security nonce on the wpfm delete file AJAX action, allowing unauthenticated attackers ...

CVSS 6.5 · AI score 5.5 · EPSS 0.00877
Exploits: 1 · References: 5

OSV
added 2022/10/17 12:15 p.m. · 6 views

CVE-2022-3126

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf...

CVSS 4.3 · AI score 5.8 · EPSS 0.00267
Exploits: 2 · References: 1

Prion
added 2022/10/17 12:15 p.m. · 13 views

Cross-site request forgery (CSRF)

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf...

CVSS 4.3 · AI score 4.6 · EPSS 0.00267
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2022/10/17 12:0 a.m. · 24 views

CVE-2022-3126 Frontend File Manager < 21.4 - File Upload via CSRF

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf...

AI score 5 · EPSS 0.00267
Exploits: 2 · References: 1

CVE
added 2022/10/17 12:0 a.m. · 65 views

CVE-2022-3126

CVE-2022-3126 concerns the WordPress plugin Frontend File Manager (prior to version 21.4). The issue is a missing CSRF check during file uploads, enabling an attacker to cause a logged-in user to upload files on the attacker’s behalf. Documented impact is limited to file upload behavior with no b...

CVSS 4.3 · AI score 4.5 · EPSS 0.00267
Exploits: 2 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/10/17 12:0 a.m. · 5 views

PT-2022-20647 · WordPress · Frontend File Manager Plugin

Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin WordPress plugin versions prior to 21.4 Description: The issue concerns a lack of CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. Recommendations:...

CVSS 4.3 · AI score 4.6 · EPSS 0.00267
Exploits: 2 · References: 4

CNNVD
added 2022/10/17 12:0 a.m. · 4 views

WordPress Plugin Frontend File Manager Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

CVSS 4.3 · AI score 5.1 · EPSS 0.00267
Exploits: 2 · References: 2

CNVD
added 2022/10/11 12:0 a.m. · 13 views

WordPress Frontend File Manager Arbitrary File Upload Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Frontend File Manager versions prior to 21.3 are vulnerable to arbitrary file uploads, whi...

CVSS 8.8 · AI score 2.8 · EPSS 0.01113
Exploits: 2 · References: 1

ATTACKERKB
added 2022/10/03 2:15 p.m. · 2 views

CVE-2022-3125

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...

CVSS 8.8 · AI score 7.4 · EPSS 0.01113
Exploits: 2 · References: 2

OSV
added 2022/10/03 2:15 p.m. · 3 views

CVE-2022-3125

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...

CVSS 8.8 · AI score 5.9 · EPSS 0.01113
Exploits: 2 · References: 1

OSV
added 2022/10/03 2:15 p.m. · 2 views

CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

CVSS 5.3 · AI score 5.9
Exploits: 0 · References: 1

ATTACKERKB
added 2022/10/03 2:15 p.m. · 3 views

CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

CVSS 5.3 · AI score 6.2 · EPSS 0.06199
Exploits: 2 · References: 3

UbuntuCve
added 2022/10/03 2:15 p.m. · 21 views

CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

CVSS 5.3 · AI score 6.2 · EPSS 0.06199
Exploits: 2 · References: 2

OSV
added 2022/10/03 2:15 p.m. · 3 views

UBUNTU-CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

CVSS 5.3 · AI score 5.9 · EPSS 0.06199
Exploits: 2 · References: 3

CVE
added 2022/10/03 1:45 p.m. · 71 views

CVE-2022-3125

The CVE-2022-3125 entry concerns the WordPress Frontend File Manager plugin (versions prior to 21.3). The vulnerability arises from allowing any authenticated user (e.g., a subscriber) to rename an uploaded file to an arbitrary extension (such as PHP), which could enable uploading of arbitrary fi...

CVSS 8.8 · AI score 8.6 · EPSS 0.01113
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2022/10/03 1:45 p.m. · 22 views

CVE-2022-3125 Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...

AI score 8.8 · EPSS 0.01113
Exploits: 2 · References: 1

Cvelist
added 2022/10/03 1:45 p.m. · 23 views

CVE-2022-3124 Frontend File Manager < 21.3 - Unauthenticated File Renaming

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

AI score 5.7 · EPSS 0.06199
Exploits: 2 · References: 1

EUVD
added 2022/10/03 1:45 p.m. · 5 views

EUVD-2022-42551

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

CVSS 5.3 · AI score 5.3 · EPSS 0.06199
Exploits: 2 · References: 1