14 matches found
EUVD-2026-26818
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
CVE-2026-5337
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
WordPress plugin Frontend File Manager Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...
CVE-2026-1280 Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
CVE-2026-1280 Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
EUVD-2005-3501
Malware in sbrugna...
EUVD-2005-4422
Malware in sbrugna...
CVE-2024-25513
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the fileid parameter at /CorporateCulture/kaizendownload.aspx...
CVE-2024-25523
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the fileid parameter at /filemanage/filememo.aspx...
CVE-2024-25523
RuvarOA v6.01 and v12.01 are affected by an SQL injection vulnerability in the /filemanage/file_memo.aspx endpoint, exploitable via the file_id parameter. Root cause: lack of input validation against external SQL input. Impact (per sources): potential unauthorized data theft and data integrity/av...
CVE-2024-25523
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the fileid parameter at /filemanage/filememo.aspx...
CVE-2024-25513
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the fileid parameter at /CorporateCulture/kaizendownload.aspx...
CVE-2024-25513
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the fileid parameter at /CorporateCulture/kaizendownload.aspx...
CVE-2005-3502
attachmentsend.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified fileid parameter...