CVE-2021-4368
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change up to version 18.2 due to missing capability checks and a security nonce on the wpfm_save_settings AJAX action. This allows subscriber-level attackers to modify plugin settings (e.g., allowed upload file...