CVE-2022-3124
MEDIUM EXPLOITED NUCLEI
Frontend File Manager Plugin < 21.3 - Unauthenticated Arbitrary File Write via File Rename
Title source: llm
Exploitation Summary
CVE-2022-3124 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename files uploaded by users. Furthermore, because the destination filename is not validated, this could allow them to change the content of arbitrary files on the web server.
Nuclei Templates (1)
Frontend File Manager < 21.3 - Unauthenticated File Renaming
MEDIUM VERIFIED by riteshs4hu
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608
Scores
CVSS v3
5.3
EPSS
0.0620
EPSS Percentile
92.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
VulnCheck KEV
2022-09-07
CWE
CWE-862
Status
published
Products (1)
najeebmedia/frontend_file_manager
< 21.3
Published
Oct 03, 2022
Tracked Since
Feb 18, 2026