Frontend File Manager < 22.6 - Editor+ Arbitrary File Download
CVE-2023-5105

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Frontend File Manager Plugin
Vendor: CVE Published:; 4 December 2023

Summary

The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php

Affected Version(s)

Frontend File Manager Plugin 0 < 22.6

References

https://wpscan.com/vulnerability/d40c7108-bad6-4ed3-8539-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2023
Vulnerability Reserved
Sep 21, 2023

Credit

Dmitrii Ignatyev

WPScan