CVE-2022-3126

{"id": "CVE-2022-3126", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-10-17T12:15:10.117", "references": [{"url": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf"}, {"lang": "es", "value": "El plugin Frontend File Manager de WordPress versiones anteriores a 21.4, no presenta una comprobaci\u00f3n de tipo SRF cuando son subidos archivos, lo que podr\u00eda permitir a atacantes hacer que usuarios registrados suban archivos en su nombre"}], "lastModified": "2022-10-21T16:13:56.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "13B6063D-B607-4513-BF56-F1D1BC5C836F", "versionEndExcluding": "21.4"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}