GCVE - cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:najeebmedia:frontend_file_manager:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Najeebmedia (`d066f5a7-be8a-5e7a-abb2-c55aeccdf95a`)
Product	Frontend File Manager (`25ee591e-7260-5eac-a6b0-44661c77809b`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-25903`	vulnerable	2026-06-08 06:31:23.969918	WordPress Frontend File Manager Plugin plugin <= 22.7 - Sensitive Data Exposure vulnerability MEDIUM (5.3) Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7. Published: 2024-03-17T16:17:19.335Z Updated: 2026-04-28T16:09:13.246Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/nmedia-user-file-uploader/wordpress-frontend-file-manager-plugin-plugin-22-7-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-3125`	vulnerable	2026-06-08 05:47:19.518711	Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE Published: 2022-10-03T13:45:26.000Z Updated: 2024-08-03T01:00:10.419Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-3124`	vulnerable	2026-06-08 05:47:19.518319	Frontend File Manager < 21.3 - Unauthenticated File Renaming The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server Published: 2022-10-03T13:45:25.000Z Updated: 2024-08-03T01:00:10.519Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-15042`	vulnerable	2026-06-08 05:07:26.249996	Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload CRITICAL (9.8) The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. Published: 2024-10-16T07:31:49.718Z Updated: 2026-04-08T16:43:49.032Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=cve https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin/ https://wordpress.org/plugins/nmedia-user-file-uploader/#developers https://wpscan.com/vulnerability/052f7d9a-aaff-4fb1-92b7-aeb83cc705a7 https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Frontend File Manager

PURL mappings

Vulnerability references

Contribute