CVE-2022-3124: Frontend File Manager < 21.3 - Unauthenticated File Renaming
First published: Mon Oct 03 2022(Updated: )
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| N-Media Frontend File Manager | <21.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-3124?
CVE-2022-3124 is a vulnerability in the Frontend File Manager Plugin WordPress plugin before version 21.3.
What is the severity of CVE-2022-3124?
CVE-2022-3124 has a severity score of 5.3, which is considered medium.
Who is affected by CVE-2022-3124?
Users of the Frontend File Manager Plugin WordPress plugin version up to and including 21.3 are affected by CVE-2022-3124.
How does CVE-2022-3124 impact users?
CVE-2022-3124 allows any unauthenticated user to rename uploaded files from users and potentially change the content of arbitrary files on the web server.
Is there a fix for CVE-2022-3124?
To fix CVE-2022-3124, users should update to version 21.3 or later of the Frontend File Manager Plugin WordPress plugin.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/title
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/najeebmedia
- canonical/n-media frontend file manager