PT-2022-20633 · WordPress · Frontend File Manager Plugin
Raad Haddad · Published 2022-10-03 · Updated 2026-06-07 · CVE-2022-3124
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Frontend File Manager Plugin (WordPress plugin), versions prior to 21.3
Description
The issue allows any unauthenticated user to rename files uploaded by users. Because the destination filename is not validated, this could allow them to change the content of arbitrary files on the web server.
Recommendations
For versions prior to 21.3, update to version 21.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload and rename functionality to authenticated users only. Avoid using the file rename feature until the issue is resolved.
Weakness Enumeration
Missing Authorization
Affected Products
Frontend File Manager Plugin