← volver
CVE-2022-3126

Frontend File Manager < 21.4 - File Upload via CSRF

CVSS 4.3 MEDIUMEPSS 0.3%CWE-352
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
17 oct 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N