{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3126", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "dateUpdated": "2024-08-03T01:00:09.662Z", "dateReserved": "2022-09-05T00:00:00", "datePublished": "2022-10-17T00:00:00"}, "containers": {"cna": {"title": "Frontend File Manager < 21.4 - File Upload via CSRF", "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2022-10-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf"}], "affected": [{"vendor": "Unknown", "product": "Frontend File Manager Plugin", "versions": [{"version": "21.4", "status": "affected", "lessThan": "21.4", "versionType": "custom"}]}], "references": [{"url": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8"}], "credits": [{"lang": "en", "value": "Raad Haddad of Cloudyrion GmbH"}], "problemTypes": [{"descriptions": [{"type": "CWE", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "lang": "en"}]}], "x_generator": "WPScan CVE Generator", "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:09.662Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "13B6063D-B607-4513-BF56-F1D1BC5C836F", "versionEndExcluding": "21.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf"}, {"lang": "es", "value": "El plugin Frontend File Manager de WordPress versiones anteriores a 21.4, no presenta una comprobaci\u00f3n de tipo SRF cuando son subidos archivos, lo que podr\u00eda permitir a atacantes hacer que usuarios registrados suban archivos en su nombre"}], "id": "CVE-2022-3126", "lastModified": "2022-10-21T16:13:56.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-17T12:15:10.117", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "contact@wpscan.com", "type": "Primary"}]}

{}