WordPress Plugin Vulnerabilities
Frontend File Manager < 18.3 - Privilege Escalation
Description
The plugin's wpfm_get_current_user function did not properly check the user ID, allowing it to be overridden by providing the file_owner GET parameter.
Affects Plugins
References
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Jerome Bruandet (nintechnet)
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-07-12
Added
2021-07-12
Last Updated
2023-06-08