Vulnerabilities > Najeebmedia > Frontend File Manager Plugin > 20.7

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-04	CVE-2023-5105	Path Traversal vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php` network low complexity najeebmedia CWE-22	6.5
2022-10-17	CVE-2022-3126	Cross-Site Request Forgery (CSRF) vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf network low complexity najeebmedia CWE-352	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.