Frontend File Manager Plugin

Information

Software Type Plugin
Software Slug nmedia-user-file-uploader (view on wordpress.org)
Software Status Active
Software Author nmedia
Software Website najeebmedia.com
Software Downloads 184,961
Software Active Installs 1,000
Software Record Last Updated July 23, 2024

17 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload Patched CVE-2021-4368 9.9 Jerome Bruandet July 12, 2021
Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload Patched 9.8 July 16, 2016
Frontend File Manager <= 3.7 - Arbitrary File Upload Patched 9.8 Michael Kapfer, Sebastian Kraemer June 10, 2015
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal Patched CVE-2023-5105 9.1 Dmitrii Ignatyev November 13, 2023
Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download Patched CVE-2021-4356 9.0 Jerome Bruandet July 12, 2021
Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload Patched CVE-2022-3126 8.8 Raad Haddad September 26, 2022
Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload Patched CVE-2022-3125 8.8 Raad Haddad September 7, 2022
Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update Patched 8.8 September 6, 2022
Frontend File Manager Plugin < 3.6 - Arbitrary File Upload Patched CVE-2014-5324 8.8 Yuji Tounai September 25, 2014
Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails Patched CVE-2021-4350 7.2 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2021-4365 7.2 Jerome Bruandet July 12, 2021
Frontend File Manager <= 21.2 - Missing Authorization Patched CVE-2022-3124 6.5 Raad Haddad September 7, 2022
Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion Patched CVE-2021-4359 6.5 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Privilege Escalation Patched CVE-2021-4344 6.4 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Content Injection Patched CVE-2021-4369 5.8 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change Patched CVE-2021-4351 5.8 Jerome Bruandet July 12, 2021
Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads Patched CVE-2024-25903 5.3 Joshua Chan February 12, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation