WordPress Plugin Vulnerabilities

Frontend File Manager < 18.3 - Unauthenticated Post Meta Change to Arbitrary File Download

Description

The wpfm_file_meta_update AJAX action of the plugin, available to unauthenticated users, was lacking CSRF and capability check, allowing unauthenticated users to change arbitrary post metadata which could lead to arbitrary file download

Affects Plugins

Plugin icon
nmedia-user-file-uploader
Fixed in 18.3

References

CVE
CVE-2021-4351
URL
https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
8.2 (high)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
No
WPVDB ID
fad74155-b759-46a4-92ae-6d85a68598fd

Timeline

Publicly Published
2021-07-12 (about 4 years ago)
Added
2021-07-12 (about 4 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2025-02-18
Title
ElementsKit Elementor addons < 3.4.1 - Unauthenticated Information Exposure
Published
2021-01-22
Title
Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure
Published
2025-07-03
Title
DocCheck Login < 1.1.6 - Unauthorized Post Access
Published
2021-09-30
Title
JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation
Published
2024-06-05
Title
The Moneytizer < 10.0.1 - Missing Authorization via multiple AJAX actions