CVE-2021-4344 — Improper Authorization in Frontend File Manager Plugin

CWE-285 — Improper Authorization4 documents4 sources

Severity

5.4MEDIUMNVD

CNA6.4

EPSS

0.1%

top 72.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nmedia Frontend File Manager Plugin Najeebmedia Frontend File Manager Plugin

Timeline

PublishedJun 7

Latest updateMay 22

Description

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access the information and privileges of other users, including 'guest users', in their own category (authenticated, or unauthenticated guests).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5nmedia/frontend_file_manager_plugin< 18.3

▶NVDnajeebmedia/frontend_file_manager_plugin18.2

🔴Vulnerability Details

GHSA

GHSA-r3qp-rjmv-24xx: The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18↗2023-06-07

▶

CVEList

Frontend File Manager <= 18.2 - Privilege Escalation↗2023-06-07

▶

💬Community

Bugzilla

CVE-2021-47280 kernel: drm: Fix use-after-free read in drm_getunique()↗2024-05-22

▶