← Voltar para CVEs
CVE-2022-3126
MEDIUM4.3
Descricao
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
Detalhes CVE
Pontuacao CVSS v3.14.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado10/17/2022
Ultima modificacao5/14/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
najeebmedia:frontend_file_manager_plugin
Fraquezas (CWE)
CWE-352
Referencias
https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8(contact@wpscan.com)
https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.