CVE-2022-3126: Frontend File Manager < 21.4 - File Upload via CSRF
First published: Mon Oct 17 2022(Updated: )
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| N-Media Frontend File Manager | <21.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-3126?
CVE-2022-3126 is a vulnerability in the Frontend File Manager Plugin WordPress plugin before version 21.4 that allows logged in users to upload files on behalf of others.
How severe is CVE-2022-3126?
CVE-2022-3126 has a severity score of 4.3, which is considered medium.
How does CVE-2022-3126 affect Najeebmedia Frontend File Manager Plugin?
CVE-2022-3126 affects the Najeebmedia Frontend File Manager Plugin version up to 21.4.
Is there a CSRF check in the Frontend File Manager Plugin?
No, the Frontend File Manager Plugin before version 21.4 does not have a CSRF check when uploading files.
How can attackers exploit CVE-2022-3126?
Attackers can exploit CVE-2022-3126 by making logged in users upload files on their behalf.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/title
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/najeebmedia
- canonical/n-media frontend file manager