Frontend File Manager Plugin

Information

Software Type Plugin
Software Slug nmedia-user-file-uploader (view on wordpress.org)
Software Status Active
Software Author nmedia
Software Website najeebmedia.com
Software Downloads 182,007
Software Active Installs 1,000
Software Record Last Updated February 24, 2024

17 Vulnerabilities

Title CVE ID CVSS Researchers Date
Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads CVE-2024-25903 5.3 Joshua Chan February 12, 2024
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal CVE-2023-5105 9.1 Dmitrii Ignatyev November 13, 2023
Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload CVE-2022-3126 8.8 Raad Haddad September 26, 2022
Frontend File Manager <= 21.2 - Missing Authorization CVE-2022-3124 6.5 Raad Haddad September 7, 2022
Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2022-3125 8.8 Raad Haddad September 7, 2022
Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update 8.8 September 6, 2022
Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion CVE-2021-4359 6.5 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Content Injection CVE-2021-4369 5.8 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload CVE-2021-4368 9.9 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting CVE-2021-4365 7.2 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Privilege Escalation CVE-2021-4344 6.4 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download CVE-2021-4356 9.0 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change CVE-2021-4351 5.8 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails CVE-2021-4350 7.2 Jerome Bruandet July 12, 2021
Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload 9.8 July 16, 2016
Frontend File Manager <= 3.7 - Arbitrary File Upload 9.8 Michael Kapfer, Sebastian Kraemer June 10, 2015
Frontend File Manager Plugin < 3.6 - Arbitrary File Upload CVE-2014-5324 8.8 Yuji Tounai September 25, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation