Unauthenticated Arbitrary File Download Vulnerability in Frontend File Manager Plugin for WordPress
CVE-2021-4356

9CRITICAL

Key Information:

Vendor
Wordpress
Status
Frontend File Manager Plugin
Vendor
CVE Published:
7 June 2023

Summary

The Frontend File Manager plugin for WordPress is vulnerable due to insufficient authentication measures, lack of capability verification, and inadequate file sanitization in the wpfm_file_meta_update AJAX action. This allows attackers to exploit the vulnerability and download sensitive files from the server without any authentication. Consequently, this may lead to further security breaches and potential site takeover if sensitive data is accessed.

Affected Version(s)

Frontend File Manager Plugin * < 18.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://blog.nintechnet.com/wordpress-frontend-file-manag...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jerome Bruandet
.