← Back

Frontend File Manager

frontend_file_manager

Vendor: Najeebmedia • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-15042
1Najeebmedia
2Frontend File Manager
Post Front End Form
Oct 30, 2024
Oct 16, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_f...Show more
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.Show less
CVE-2024-25903
1Najeebmedia
1Frontend File Manager
Apr 28, 2026
Mar 17, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7.
CVE-2022-3125
1Najeebmedia
1Frontend File Manager
Nov 21, 2024
Oct 3, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to uploa...Show more
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCEShow less
CVE-2022-3124
1Najeebmedia
1Frontend File Manager
Nov 21, 2024
Oct 3, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow...Show more
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web serverShow less