Frontend File Manager < 21.4 - File Upload via CSRF
CVE-2022-3126
4.3MEDIUM
Summary
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
Affected Version(s)
Frontend File Manager Plugin 21.4
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Raad Haddad of Cloudyrion GmbH