CVE-2021-4350
First published: Wed Jun 07 2023(Updated: )
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| N-Media Frontend File Manager | <=18.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-4350.
What is the title of the vulnerability?
The title of the vulnerability is 'The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection'.
What is the severity of CVE-2021-4350?
The severity of CVE-2021-4350 is high with a score of 5.3.
How does CVE-2021-4350 affect the Frontend File Manager plugin for WordPress?
CVE-2021-4350 affects versions up to, and including, 18.2 of the Frontend File Manager plugin for WordPress.
How can I fix the vulnerability in the Frontend File Manager plugin for WordPress?
To fix the vulnerability in the Frontend File Manager plugin for WordPress, you should update to a version beyond 18.2 that includes the security patch.
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/najeebmedia
- canonical/n-media frontend file manager
- version/n-media frontend file manager/18.2