Vulnerabilities > Najeebmedia > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-04 CVE-2023-5105 Path Traversal vulnerability in Najeebmedia Frontend File Manager Plugin
The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`
network
low complexity
najeebmedia CWE-22
6.5
6.5
2023-06-07 CVE-2021-4344 Unspecified vulnerability in Najeebmedia Frontend File Manager Plugin
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2.
network
low complexity
najeebmedia
5.4
5.4
2023-06-07 CVE-2021-4350 Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2.
network
low complexity
najeebmedia CWE-862
5.3
5.3
2023-06-07 CVE-2021-4351 Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2.
network
low complexity
najeebmedia CWE-862
5.3
5.3
2023-06-07 CVE-2021-4359 Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2.
network
low complexity
najeebmedia CWE-862
5.3
5.3
2023-06-07 CVE-2021-4365 Cross-site Scripting vulnerability in Najeebmedia Frontend File Manager Plugin
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2.
network
low complexity
najeebmedia CWE-79
6.1
6.1
2023-06-07 CVE-2021-4369 Missing Authorization vulnerability in Najeebmedia Frontend File Manager Plugin
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2.
network
low complexity
najeebmedia CWE-862
5.3
5.3
2022-10-17 CVE-2022-3126 Cross-Site Request Forgery (CSRF) vulnerability in Najeebmedia Frontend File Manager Plugin
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
network
low complexity
najeebmedia CWE-352
4.3
4.3
2022-10-03 CVE-2022-3124 Missing Authorization vulnerability in Najeebmedia Frontend File Manager
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users.
network
low complexity
najeebmedia CWE-862
5.3
5.3
2019-08-12 CVE-2019-14948 Cross-site Scripting vulnerability in Najeebmedia Ppom for Woocommerce
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
network
low complexity
najeebmedia CWE-79
5.4
5.4