3 matches found
CVE-2023-4930 Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
CVE-2023-4930 Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
CVE-2023-4930
CVE-2023-4930 affects the Front End PM WordPress plugin prior to 11.4.3. The vulnerability arises because the plugin does not block listing of directories where private-message attachments are stored, enabling unauthenticated users to list and download those attachments if the web server’s autoin...