CVE-2022-3126

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8	Exploit Third Party Advisory
https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:18

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8 - Exploit, Third Party Advisory

21 Oct 2022, 16:13

Type	Values Removed	Values Added
CPE		cpe:2.3:a:najeebmedia:frontend_file_manager_plugin::::::wordpress::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
References	~~(MISC) https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8 -~~	(MISC) https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8 - Exploit, Third Party Advisory

17 Oct 2022, 12:49

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-17 12:15

Updated : 2025-05-14 16:15

NVD link : CVE-2022-3126

Mitre link : CVE-2022-3126

CVE.ORG link : CVE-2022-3126

JSON object : View

Products Affected

najeebmedia

frontend_file_manager_plugin

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2022-3126", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-10-17T12:15:10.117", "references": [{"url": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf"}, {"lang": "es", "value": "El plugin Frontend File Manager de WordPress versiones anteriores a 21.4, no presenta una comprobaci\u00f3n de tipo SRF cuando son subidos archivos, lo que podr\u00eda permitir a atacantes hacer que usuarios registrados suban archivos en su nombre"}], "lastModified": "2025-05-14T16:15:21.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "13B6063D-B607-4513-BF56-F1D1BC5C836F", "versionEndExcluding": "21.4"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}