WordPress Plugin Vulnerabilities

Frontend File Manager < 18.3 - Privilege Escalation

Description

The wpfm_get_current_user function of the plugin did not properly check for the user ID, allowing it to be overridden by providing the file_owner GET parameter

Affects Plugins

Plugin icon
nmedia-user-file-uploader
Fixed in 18.3

References

CVE
CVE-2021-4344
URL
https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
No
WPVDB ID
8acdca62-1d5d-461f-9152-91e88e36f0c4

Timeline

Publicly Published
2021-07-12 (about 2 years ago)
Added
2021-07-12 (about 2 years ago)
Last Updated
2023-06-08 (about 11 months ago)

Other

Published
Title
Published
2024-02-19
Title
Schema & Structured Data for WP & AMP < 1.27 - Contributor+ reCaptcha Key Update
Published
2022-02-22
Title
Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion
Published
2021-01-22
Title
Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure
Published
2021-08-23
Title
Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Deletion
Published
2021-04-14
Title
BuddyPress < 7.3.0 - Multiple Authenticated REST API Vulnerabilities