Privilege Escalation in Frontend File Manager Plugin for WordPress
CVE-2021-4344

6.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Frontend File Manager Plugin
Vendor: CVE Published:; 7 June 2023

Summary

The Frontend File Manager plugin for WordPress suffers from a vulnerability that allows attackers to escalate their privileges due to improper handling of user IDs. This design flaw permits authenticated and unauthenticated users to access sensitive information and privileges associated with other users, including guest users, within their own user category. This mismanagement of access can lead to significant security risks for WordPress sites utilizing this plugin.

Affected Version(s)

Frontend File Manager Plugin * < 18.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/wordpress-frontend-file-manag...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet