← Back to CVEs
CVE-2021-4368
CRITICAL9.9
Description
The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types. This can lead to remote code execution through other vulnerabilities.
CVE Details
CVSS v3.1 Score9.9
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published6/7/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
najeebmedia:frontend_file_manager_plugin
Weaknesses (CWE)
CWE-862
References
https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/(security@wordfence.com)
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=(security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=cve(security@wordfence.com)
https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/(af854a3a-2127-422b-91ae-364da2661108)
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=(af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/threat-intel/vulnerabilities/id/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=cve(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.