2 matches found
CVE-2021-4351
The CVE-2021-4351 entry concerns the WordPress Frontend File Manager plugin. Affected software: Frontend File Manager plugin for WordPress, versions up to and including 18.2. Vulnerability details: unauthenticated access allows changes to post/page metadata via the wpfm_file_meta_update AJAX acti...
CVE-2021-4351 Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...