11 matches found
WordPress Front End PM Plugin < 11.4.3 is vulnerable to Sensitive Data Exposure
Software: Front End PM; Type: Plugin; Vulnerable versions: 11.4.3; Fixed in: 11.4.3; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-4930; Patch priority: High; CVSS severity: High 7.5; PSID: a8a31ca22e6b; Credits: Dmitrii Ignatyev; Required...
CVE-2023-4930
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
CVE-2023-4930
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
CVE-2023-4930 Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
CVE-2023-4930
CVE-2023-4930 affects the Front End PM WordPress plugin prior to 11.4.3. The vulnerability arises because the plugin does not block listing of directories where private-message attachments are stored, enabling unauthenticated users to list and download those attachments if the web server’s autoin...
CVE-2023-4930 Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
PT-2023-31160 · WordPress · Front End Pm
Name of the Vulnerable Software and Affected Versions: Front End PM WordPress plugin versions prior to 11.4.3
Description: The issue allows unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled, due to the plugin not blocking the...
Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
Description: The plugin does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...
WordPress Front End PM Plugin < 11.3.9 is vulnerable to Cross Site Scripting (XSS)
Software: Front End PM; Type: Plugin; Vulnerable versions: 11.3.9; Fixed in: 11.3.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: d8bae7ecb926; Credits: Rafie Muhammad, Patchstack; Required...
WordPress Front End PM plugin < 11.3.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Front End PM plugin versions 11.3.4. Solution: Update the WordPress Front End PM plugin to the latest available version (at least 11.3.4)...
WordPress Front End PM plugin < 11.3.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Front End PM plugin versions 11.3.4. Solution: Update the WordPress Front End PM plugin to the latest available version (at least 11.3.4)...