2 matches found
CVE-2023-5105
The CVE-2023-5105 affects the WordPress Frontend File Manager Plugin (wpfm-files) prior to version 22.6. An Editor+ user can bypass the download logic to arbitrarily download sensitive files (e.g., wp-config.php) by manipulating wpfm_dir_path/wpfm_file_url, as shown in published PoC steps. The vu...
WordPress Frontend File Manager Plugin < 22.6 is vulnerable to Arbitrary File Download
Software Frontend File Manager Type Plugin Vulnerable versions 22.6 Fixed in 22.6 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2023-5105 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 66e0e4c68ed0 Credits Dmitrii Ignatyev...