CVE-2016-15042
published 2024-10-16

CVE-2016-15042: The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to…

Priority: P185 · critical · CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW, Exploit, VulnCheck KEV
Exploited in the wild
EPSS: 5.51% (91.8th percentile)
The Frontend File Manager (versions < 4.0) and N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation in the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.

Affected (4 ranges)

Vendor        Product                        Version range   Fixed in
najeebmedia   frontend_file_manager          < 4.0           4.0
najeebmedia   post_front-end_form            < 1.1           1.1
nmedia        frontend_file_manager_plugin   < 4.0           4.0
nmedia        n-media_post_front-end_form    <= 1.0

Detection & IOCs (extracted from sources)

url:      /wp-admin/admin-ajax.php
path:     /wp-content/uploads/post_files/
path:     /wp-content/uploads/user_uploads/
command:  action=nm_postfront_upload_file
command:  action=nm_filemanager_upload_file
  • Detect unauthenticated POST requests to /wp-admin/admin-ajax.php with multipart form-data containing the AJAX action 'nm_postfront_upload_file' — indicates exploitation of N-Media Post Front-end Form arbitrary file upload (CVE-2016-15042).
  • Detect unauthenticated POST requests to /wp-admin/admin-ajax.php with multipart form-data containing the AJAX action 'nm_filemanager_upload_file' — indicates exploitation of Frontend File Manager arbitrary file upload (CVE-2016-15042).
  • Monitor for newly created files under /wp-content/uploads/post_files/ and /wp-content/uploads/user_uploads/ — successful exploitation drops attacker-controlled files in these directories, potentially enabling remote code execution.
  • Alert on HTTP 200 responses to GET requests for files under /wp-content/uploads/user_uploads/ or /wp-content/uploads/post_files/ immediately following a POST to admin-ajax.php with nm_filemanager_upload_file or nm_postfront_upload_file actions — confirms successful arbitrary file upload.
  • The vulnerability is exploitable by unauthenticated attackers via AJAX actions with no file type validation — no session cookie or nonce is required in the exploit request.
  • Affected plugin versions: Frontend File Manager < 4.0 and N-Media Post Front-end Form < 1.1. Detections should be scoped to sites running these versions.
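The detections above, as an added example that is not part of the original page or either plugin's code. It takes request records that include the body (a WAF or reverse-proxy audit log; a plain access log carries no body, so the multipart check cannot run there), flags POSTs to admin-ajax.php carrying one of the two vulnerable actions, and then correlates a later 200 GET under one of the upload directories from the same client as a confirmed upload. One caveat the list above does not state: admin-ajax.php reads the action from `$_REQUEST`, so an attacker can put `action=` in the query string of the POST instead of the multipart body, and the check covers both. The `Request` type, the five-minute window and every sample record are constructed for the example.

```python
"""Detection for CVE-2016-15042 upload attempts (added example, constructed data).
Assumes a log source that records request bodies; plain access logs do not."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

VULN_ACTIONS = {"nm_filemanager_upload_file", "nm_postfront_upload_file"}  # from advisory
UPLOAD_DIRS = ("/wp-content/uploads/post_files/", "/wp-content/uploads/user_uploads/")
# Value of a multipart part whose field name is "action": header, blank line, value.
MULTIPART_ACTION = re.compile(r'name="action"\r?\n\r?\n([^\r\n]+)')


@dataclass
class Request:  # hypothetical record shape; map your log source onto it
    ts: datetime
    client: str
    method: str
    uri: str
    status: int
    content_type: str = ""
    body: str = ""


def ajax_action(req):
    """Return the admin-ajax action carried by the request, or None.
    admin-ajax.php takes the action from $_REQUEST, so a query-string
    action counts even on a POST; check it before the body."""
    parts = urlsplit(req.uri)
    if parts.path != "/wp-admin/admin-ajax.php":
        return None
    in_query = parse_qs(parts.query).get("action")
    if in_query:
        return in_query[0]
    ctype = req.content_type.lower()
    if ctype.startswith("multipart/form-data"):
        m = MULTIPART_ACTION.search(req.body)
        return m.group(1).strip() if m else None
    if ctype.startswith("application/x-www-form-urlencoded"):
        in_body = parse_qs(req.body).get("action")
        return in_body[0] if in_body else None
    return None


def is_upload_attempt(req):
    return req.method == "POST" and ajax_action(req) in VULN_ACTIONS


def detect(requests, window=timedelta(minutes=5)):
    """Return (label, request) findings in time order.
    "attempt": POST to admin-ajax.php with a vulnerable action.
    "confirmed": 200 GET under an upload dir from the same client within
    `window` after one of its attempts."""
    findings, attempts = [], []
    for r in sorted(requests, key=lambda x: x.ts):
        if is_upload_attempt(r):
            findings.append(("attempt", r))
            attempts.append(r)
        elif (r.method == "GET" and r.status == 200
              and urlsplit(r.uri).path.startswith(UPLOAD_DIRS)):
            if any(a.client == r.client and timedelta(0) <= r.ts - a.ts <= window
                   for a in attempts):
                findings.append(("confirmed", r))
    return findings


BOUNDARY = "----ConstructedBoundary"
MP = f"multipart/form-data; boundary={BOUNDARY}"


def multipart(fields):
    """Build a constructed multipart/form-data body for the sample records."""
    parts = [f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
             for k, v in fields.items()]
    return "".join(parts) + f"--{BOUNDARY}--\r\n"


T0 = datetime(2024, 10, 16, 12, 0, 0)
SAMPLE_REQUESTS = [  # constructed sample traffic, not captured data
    # benign logged-in heartbeat through admin-ajax
    Request(T0, "198.51.100.7", "POST", "/wp-admin/admin-ajax.php", 200,
            "application/x-www-form-urlencoded", "action=heartbeat&_nonce=abc"),
    # upload attempt with the action in the multipart body
    Request(T0 + timedelta(seconds=30), "203.0.113.9", "POST", "/wp-admin/admin-ajax.php", 200,
            MP, multipart({"action": "nm_filemanager_upload_file", "file": "<?php /* sample */ ?>"})),
    # same client fetches from the upload directory 15 s later
    Request(T0 + timedelta(seconds=45), "203.0.113.9", "GET",
            "/wp-content/uploads/user_uploads/upload.php?cmd=id", 200),
    # upload attempt with the action in the query string instead of the body
    Request(T0 + timedelta(minutes=1), "203.0.113.10", "POST",
            "/wp-admin/admin-ajax.php?action=nm_postfront_upload_file", 200,
            MP, multipart({"file": "x"})),
    # unrelated client reading an existing upload: no matching attempt, not flagged
    Request(T0 + timedelta(minutes=2), "192.0.2.5", "GET",
            "/wp-content/uploads/post_files/report.pdf", 200),
]

if __name__ == "__main__":
    for label, r in detect(SAMPLE_REQUESTS):
        print(f"{label:9} {r.ts.isoformat()} {r.client} {r.method} {r.uri}")
```

Run as-is it reports two attempts and one confirmed upload; the heartbeat POST and the unrelated GET produce nothing. The per-client correlation is deliberately loose (a five-minute window, no path match between upload and fetch) because the upload response does not reveal the stored filename, so the fetch is the first event that ties the two together.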

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck             9.8     CRITICAL