PT-2022-20647 · WordPress · Frontend File Manager Plugin
Raad Haddad · Published 2022-10-17 · Updated 2022-10-21 · CVE-2022-3126
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Frontend File Manager Plugin (WordPress plugin), versions prior to 21.4
Description
The plugin does not perform a CSRF check when files are uploaded, which could allow attackers to make logged-in users upload files on their behalf.
Recommendations
For versions prior to 21.4, update to version 21.4 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to minimize the risk of exploitation.
Affected Products
Frontend File Manager Plugin