WordPress Plugin Vulnerabilities

Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

Description

The plugin does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Proof of Concept

http://your_site/wp-content/uploads/front-end-pm/2023/09/

Affects Plugins

Plugin icon
front-end-pm
Fixed in 11.4.3

References

CVE
CVE-2023-4930

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://blog.cleantalk.org
Verified
Yes
WPVDB ID
c73b3276-e6f1-4f22-a888-025e5d0504f2

Timeline

Publicly Published
2023-10-16 (about 6 months ago)
Added
2023-10-16 (about 6 months ago)
Last Updated
2023-10-16 (about 6 months ago)

Other

Published
Title
Published
2023-10-13
Title
Migration, Backup, Staging - WPvivid < 0.9.92 - Unauthenticated Sensitive Information Exposure
Published
2022-12-05
Title
Autoptimize < 3.1.0 - Sensitive Data Disclosure
Published
2024-01-22
Title
File Manager < 7.2.2 - Sensitive Information Exposure via Backup Filenames
Published
2022-10-17
Title
WP < 6.0.3 - Content from Multipart Emails Leaked
Published
2021-08-26
Title
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure