← back
CVE-2022-3126

Frontend File Manager < 21.4 - File Upload via CSRF

CVSS 4.3 MEDIUMEPSS 0.3%CWE-352
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N