WordPress Plugin Vulnerabilities

Frontend File Manager < 18.3 - Unauthenticated Arbitrary Post Deletion

Description

The wpfm_delete_file AJAX action of the plugin, available to unauthenticated users, was lacking CSRF and capability check, allowing unauthenticated users to delete arbitrary posts and pages from the blog

Affects Plugins

Plugin icon
nmedia-user-file-uploader
Fixed in 18.3

References

CVE
CVE-2021-4359
URL
https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
No
WPVDB ID
0f54cb4e-2f4e-43a9-9bd2-175a3934f7a3

Timeline

Publicly Published
2021-07-12 (about 4 years ago)
Added
2021-07-12 (about 4 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2024-05-23
Title
Event post < 5.9.5 - Missing Authorization
Published
2024-03-18
Title
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions < 240315 - Information Exposure
Published
2024-01-24
Title
Views for WPForms < 3.2.3 - Missing Authorization via create_view
Published
2021-05-26
Title
Multivendor Marketplace Solution for WooCommerce < 3.7.4 - Unauthenticated Arbitrary Product Comment
Published
2021-06-18
Title
404 to 301 < 3.0.8 - Broken Access Control