CVE-2023-5105

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
04/12/2023
Last modified:
07/12/2023

Description

The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:*:*:*:*:*:wordpress:*:* 22.6 (excluding)