{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-3126","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","dateUpdated":"2025-05-14T15:34:28.120Z","dateReserved":"2022-09-05T00:00:00.000Z","datePublished":"2022-10-17T00:00:00.000Z"},"containers":{"cna":{"title":"Frontend File Manager < 21.4 - File Upload via CSRF","providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2022-10-17T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf"}],"affected":[{"vendor":"Unknown","product":"Frontend File Manager Plugin","versions":[{"version":"21.4","status":"affected","lessThan":"21.4","versionType":"custom"}]}],"references":[{"url":"https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8"}],"credits":[{"lang":"en","value":"Raad Haddad of Cloudyrion GmbH"}],"problemTypes":[{"descriptions":[{"type":"CWE","description":"CWE-352 Cross-Site Request Forgery (CSRF)","cweId":"CWE-352","lang":"en"}]}],"x_generator":"WPScan CVE Generator","source":{"discovery":"EXTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:00:09.662Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8","tags":["x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","integrityImpact":"LOW","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-14T15:33:54.279775Z","id":"CVE-2022-3126","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-14T15:34:28.120Z"}}]}}