Unauthenticated HTML Injection in Frontend File Manager Plugin for WordPress
CVE-2021-4350
7.2HIGH
Summary
The Frontend File Manager plugin in WordPress versions up to and including 18.2 is susceptible to an unauthenticated HTML injection vulnerability. This issue arises from inadequate authentication protections on the wpfm_send_file_in_email AJAX action, allowing unauthenticated attackers to send emails using the website's resources. This exploit permits the attacker to set custom subject lines, recipient addresses, and include unsanitized HTML content in the email body, effectively utilizing the website as a spam relay.
Affected Version(s)
Frontend File Manager Plugin * < 18.3
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jerome Bruandet