CVE-2022-3126
Frontend File Manager < 21.4 - File Upload via CSRF
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
17 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected products
Unknown · Frontend File Manager Plugin