WordPress File Management Plugin Riddled with Critical Bugs (Security News, July 2021)
A critical cross-site scripting bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts.
The bug is one of six critical flaws affecting the Frontend File Manager plugin, versions 17.1 and 18.2, which is active on more than 2,000 websites.
Each file is saved in a private directory, so each user can manage their own files after login.
"It retrieves the user ID from the WordPress get_current_user_id() function if the user is authenticated, or from the plugin's wpfm_guest_user_id option if the user is not logged-in," researchers explained.
Authenticated Settings Change and Arbitrary File Upload

Another issue allows an authenticated user to modify the plugin's settings.
The problem is that the plugin doesn't verify that the user is allowed to delete the corresponding post, and it lacks a security nonce.
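The two defects named above (no ownership check on the post being deleted, no nonce) and the guest-ID fallback from the researchers' quote are the usual failure points of a WordPress AJAX handler. The following is an added illustrative example, not the Frontend File Manager plugin's code: a weak delete handler with exactly those gaps, followed by a hardened form that verifies a nonce, requires a logged-in user instead of a shared guest ID, and enforces ownership server-side. The action names, the example_* functions and the wpfm_file post type are assumptions.

```php
<?php
// Added illustrative example, not the plugin's own code.
// Action/function names and the 'wpfm_file' post type are assumptions.

// --- Weak form: the pattern the article describes. Reachable by guests
// (wp_ajax_nopriv_), no nonce, and no check that the caller may delete
// the post they name, so any post ID sent in the request is deleted.
add_action( 'wp_ajax_example_delete_file_weak', 'example_delete_file_weak' );
add_action( 'wp_ajax_nopriv_example_delete_file_weak', 'example_delete_file_weak' );
function example_delete_file_weak() {
    $post_id = (int) $_POST['post_id'];
    wp_delete_post( $post_id, true );   // no nonce, no capability or ownership check
    wp_send_json_success();
}

// --- Hardened form: registered only for logged-in users (no nopriv hook).
add_action( 'wp_ajax_example_delete_file', 'example_delete_file' );
function example_delete_file() {
    // 1. Reject requests without a valid nonce for this action. The page that
    //    renders the delete button issues it with wp_create_nonce( 'example_delete_file' )
    //    and sends it back in the 'nonce' field. check_ajax_referer() dies on failure.
    check_ajax_referer( 'example_delete_file', 'nonce' );

    // 2. Require a real account. Do not fall back to a shared guest user ID:
    //    every guest would resolve to the same identity and so share one set of files.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'authentication required', 401 );
    }

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $post    = get_post( $post_id );

    // 3. Confirm the target exists and is one of this plugin's own file records,
    //    so the endpoint cannot be pointed at arbitrary posts or pages.
    if ( ! $post || 'wpfm_file' !== $post->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }

    // 4. Enforce ownership on the server: the caller must be the post's author
    //    or hold the delete_post capability for this specific post.
    $uid = get_current_user_id();
    if ( (int) $post->post_author !== $uid && ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    wp_delete_post( $post_id, true );
    wp_send_json_success( array( 'deleted' => $post_id ) );
}
```

The nonce and the ownership check address different risks and both are needed: the nonce ties the request to a page WordPress rendered for this user (blocking cross-site request forgery), while the author/capability check stops a logged-in user from naming another user's post ID. Omitting the wp_ajax_nopriv_ registration for the hardened handler is deliberate; it is what keeps the guest-ID path out of the picture.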
News URL
https://threatpost.com/frontend-file-manager-wordpress-bugs/167687/