2 matches found
CVE-2021-4350 Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfmsendfileinemail AJAX action. This makes it possible for unauthenticated attackers to send emails usin...
CVE-2021-4350
The CVE-2021-4350 entry concerns the Frontend File Manager WordPress plugin. Affects versions up to 18.2 and is caused by missing authentication on the wpfm_send_file_in_email AJAX action, enabling unauthenticated users to send emails with a crafted subject, recipient, and HTML body, effectively ...