4.3
CVE-2022-3126
- EPSS 0.27%
- Veröffentlicht 17.10.2022 12:15:10
- Zuletzt bearbeitet 14.05.2025 16:15:21
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginFrontend File Manager < 21.4 - File Upload via CSRF
Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
Mögliche Gegenmaßnahme
Frontend File Manager Plugin: Update to version 21.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Najeebmedia ≫ Frontend File Manager Plugin SwPlatformwordpress Version < 21.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Frontend File Manager Plugin
Version
*-21.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.18 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8
https://www.wordfence.com/threat-intel/vulnerabilities/id/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78