CVE-2022-3124 The Frontend File Manager Plugin before 21.3 allows any unauthenticated user to rename uploaded files.

or outside of WordPress. A malicious user could rename a plugin file, for example, rename wp-config.php to wp-config-remote.php and access a different configuration. This could potentially allow them to gain access to the system as a user with administrator privileges. We recommend all users update to the latest version of the plugin as soon as possible.

The Frontend File Manager plugin has been updated to address these security issues. We recommend all users update to the latest version.

What to do if you are still using an older version of the plugin

If you are using an older version of the plugin, we recommend that you update to the latest version.

Summary of the Frontend File Manager plugin security issues

The Frontend File Manager plugin was vulnerable to a security issue that allowed a malicious user to gain access to a different configuration. If you are using this plugin, update to the latest version as soon as possible. This vulnerability has been addressed in the latest version of the plugin.

Timeline

Published on: 10/03/2022 14:15:00 UTC
Last modified on: 10/04/2022 20:42:00 UTC

References

• https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3124