Vulnerability Details CVE-2016-15042
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.075
EPSS Ranking 91.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://wordpress.org/plugins/nmedia-user-file-uploader/#developers
- https://wpscan.com/vulnerability/052f7d9a-aaff-4fb1-92b7-aeb83cc705a7
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-n-media-post-front-end-form-arbitrary-file-upload-1-0/
- https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin/
- https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=cve
Products affected by CVE-2016-15042
-
cpe:2.3:a:najeebmedia:frontend_file_manager:-
-
cpe:2.3:a:najeebmedia:frontend_file_manager:1.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager:1.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager:1.2
-
cpe:2.3:a:najeebmedia:frontend_file_manager:1.3
-
cpe:2.3:a:najeebmedia:frontend_file_manager:1.4
-
cpe:2.3:a:najeebmedia:frontend_file_manager:1.5
-
cpe:2.3:a:najeebmedia:frontend_file_manager:1.6
-
cpe:2.3:a:najeebmedia:frontend_file_manager:1.7
-
cpe:2.3:a:najeebmedia:frontend_file_manager:1.8
-
cpe:2.3:a:najeebmedia:frontend_file_manager:2.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager:2.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager:2.3
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.2
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.3
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.4
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.5
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.6
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.7
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.8
-
cpe:2.3:a:najeebmedia:frontend_file_manager:3.9
-
cpe:2.3:a:najeebmedia:post_front-end_form:1.0