CVE-2022-3124

MEDIUM EXPLOITED NUCLEI

Najeebmedia Frontend File Manager < 21.3 - Missing Authorization

Title source: rule

Description

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server

Nuclei Templates (1)

Frontend File Manager < 21.3 - Unauthenticated File Renaming

MEDIUMVERIFIEDby riteshs4hu

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608

Scores

CVSS v3 5.3

EPSS 0.0866

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

VulnCheck KEV 2022-09-07

CWE

CWE-862

Status published

Products (1)

najeebmedia/frontend_file_manager < 21.3

Published Oct 03, 2022

Tracked Since Feb 18, 2026