WordPress Plugin Vulnerabilities

Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

Description

The plugin does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Proof of Concept

http://your_site/wp-content/uploads/front-end-pm/2023/09/

Affects Plugins

Plugin icon
front-end-pm
Fixed in 11.4.3

References

CVE
CVE-2023-4930

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://blog.cleantalk.org
Verified
Yes
WPVDB ID
c73b3276-e6f1-4f22-a888-025e5d0504f2

Timeline

Publicly Published
2023-10-16 (about 1 months ago)
Added
2023-10-16 (about 1 months ago)
Last Updated
2023-10-16 (about 1 months ago)

Other

Published
Title
Published
2021-09-01
Title
Gutenberg Template Library & Redux Framework < 4.2.13 - Unauthenticated Sensitive Information Disclosure
Published
2022-04-18
Title
Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure
Published
2023-07-10
Title
LMS by Masteriyo < 1.6.8 - Information Exposure
Published
2023-08-14
Title
InfiniteWP Client < 1.12.1 - Unauthenticated Sensitive Information Exposure
Published
2022-09-26
Title
Helpful < 4.5.26 - Information Disclosure