Vulnerability Details CVE-2021-4365
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and santisation all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 71.9%
CVSS Severity
CVSS v3 Score 7.2
References
- https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=cve
- https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=cve
Products affected by CVE-2021-4365
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:-
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.2
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.3
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.4
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.5
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.6
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.7
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.8
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.2
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.3
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.4
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.5
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.6
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.7
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.8
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.9
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.2
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.3
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.4
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.5
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.6
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.7
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.8
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.9
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.2
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.3
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.4
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.5
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.6
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.7
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.8
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.9
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:16.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:17.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:17.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:18.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:18.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:18.2
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:2.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:2.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.2
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.3
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.4
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.5
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.6
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.7
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.8
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.9
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:4.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:4.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:5.0
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:5.1
-
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:5.2