Vulnerabilities > Najeebmedia
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-13456 | Cross-site Scripting vulnerability in Najeebmedia Easy Quiz Maker The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wqt-question' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-20 | CVE-2024-49604 | Missing Authentication for Critical Function vulnerability in Najeebmedia Simple User Registration Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5. | 9.8 |
| 2024-10-16 | CVE-2016-15042 | Unrestricted Upload of File with Dangerous Type vulnerability in Najeebmedia Frontend File Manager and Post Front-End Form The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. | 9.8 |
| 2024-03-17 | CVE-2024-25903 | Unspecified vulnerability in Najeebmedia Frontend File Manager Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7. | 7.5 |
| 2024-03-13 | CVE-2024-0830 | Cross-Site Request Forgery (CSRF) vulnerability in Najeebmedia Comments Extra Fields The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. | 4.3 |
| 2023-12-04 | CVE-2023-5105 | Path Traversal vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php` | 6.5 |
| 2023-06-07 | CVE-2021-4344 | Unspecified vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. | 5.4 |
| 2023-06-07 | CVE-2021-4350 | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. | 5.3 |
| 2023-06-07 | CVE-2021-4351 | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. | 5.3 |
| 2023-06-07 | CVE-2021-4356 | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. | 9.8 |