Frontend File Manager Plugin

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Frontend File Manager Plugin

Information

Software Type Plugin
Software Slug nmedia-user-file-uploader (view on wordpress.org)
Software Status Active
Software Author nmedia
Software Website najeebmedia.com
Software Downloads 183,618
Software Active Installs 1,000
Software Record Last Updated May 15, 2024

17 Vulnerabilities

Frontend File Manager Plugin < 3.6 - Arbitrary File Upload
8.8
CVE-2014-5324
Sep 25, 2014
Researcher: Yuji Tounai
Frontend File Manager <= 3.7 - Arbitrary File Upload
9.8
CVE ID Unknown
Jun 10, 2015
Researchers: Michael Kapfer, Sebastian Kraemer
Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload
9.8
CVE ID Unknown
Jul 16, 2016
Researchers:
Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion
6.5
CVE-2021-4359
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Unauthenticated Content Injection
5.8
CVE-2021-4369
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload
9.9
CVE-2021-4368
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2021-4365
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Privilege Escalation
6.4
CVE-2021-4344
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download
9.0
CVE-2021-4356
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change
5.8
CVE-2021-4351
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails
7.2
CVE-2021-4350
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update
8.8
CVE ID Unknown
Sep 6, 2022
Researchers:
Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-2022-3125
Sep 7, 2022
Researcher: Raad Haddad
Frontend File Manager <= 21.2 - Missing Authorization
6.5
CVE-2022-3124
Sep 7, 2022
Researcher: Raad Haddad
Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload
8.8
CVE-2022-3126
Sep 26, 2022
Researcher: Raad Haddad
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal
9.1
CVE-2023-5105
Nov 13, 2023
Researcher: Dmitrii Ignatyev
Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads
5.3
CVE-2024-25903
Feb 12, 2024
Researcher: Joshua Chan
Title Status CVE ID CVSS Researchers Date
Frontend File Manager Plugin < 3.6 - Arbitrary File Upload Patched CVE-2014-5324 8.8 Yuji Tounai September 25, 2014
Frontend File Manager <= 3.7 - Arbitrary File Upload Patched 9.8 Michael Kapfer, Sebastian Kraemer June 10, 2015
Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload Patched 9.8 July 16, 2016
Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion Patched CVE-2021-4359 6.5 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Content Injection Patched CVE-2021-4369 5.8 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload Patched CVE-2021-4368 9.9 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2021-4365 7.2 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Privilege Escalation Patched CVE-2021-4344 6.4 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download Patched CVE-2021-4356 9.0 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change Patched CVE-2021-4351 5.8 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails Patched CVE-2021-4350 7.2 Jerome Bruandet July 12, 2021
Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update Patched 8.8 September 6, 2022
Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload Patched CVE-2022-3125 8.8 Raad Haddad September 7, 2022
Frontend File Manager <= 21.2 - Missing Authorization Patched CVE-2022-3124 6.5 Raad Haddad September 7, 2022
Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload Patched CVE-2022-3126 8.8 Raad Haddad September 26, 2022
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal Patched CVE-2023-5105 9.1 Dmitrii Ignatyev November 13, 2023
Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads Patched CVE-2024-25903 5.3 Joshua Chan February 12, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation