Vulnerabilities > Najeebmedia > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-07 | CVE-2021-4368 | Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. | 8.8 |
| 2022-10-03 | CVE-2022-3125 | Unspecified vulnerability in Najeebmedia Frontend File Manager The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE | 8.8 |
| 2019-07-05 | CVE-2019-5979 | Cross-Site Request Forgery (CSRF) vulnerability in Najeebmedia Personalized Woocommerce Cart Page Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |