CVE-2022-3126

Severity
4.3 MEDIUM
EPSS
0.1%
top 71.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 17

Description

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

🔴Vulnerability Details

2
CVEList
Frontend File Manager < 21.4 - File Upload via CSRF (2022-10-17)
GHSA
GHSA-g5j9-cp6r-48pp: The Frontend File Manager Plugin WordPress plugin before 21 (2022-10-17)