CVE-2023-5105
Frontend File Manager < 22.6 - Editor+ Arbitrary File DownloadThe Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`
We have discovered 15 live websites that are affected by CVE-2023-5105.
Affected Software
| Product |  Nmedia User File Uploader |
| Category | Wordpress Plugins |
| Vulnerable Domains | 15 live websites (100% of Nmedia User File Uploader install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-200 Exposure of Sensitive Information to an Unauthorized ActorDetails
- Published - Dec 4, 2023
- Updated - Aug 2, 2024
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-5105 United States | 6 websites |
 Italy | 2 websites |
 Russia | 2 websites |
 Australia | 1 websites |
 Colombia | 1 websites |
 Greece | 1 websites |
 Netherlands | 1 websites |
 Vietnam | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2023-5105| .com | 5 websites |
| .it | 2 websites |
| .com.au | 1 websites |
| .nl | 1 websites |
| .org | 1 websites |
| .ru | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-5105
Top websites that are affected by CVE-2023-5105. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.org | United States | *,***,*** | |
| *************.com | United States | *,***,*** | |
| *****.ru | Russia | **,***,*** | |
| ***********.com | United States | **,***,*** | |
| ********.biz | Russia | **,***,*** | |
| ****************.com | United States | **,***,*** | |
| *************.nl | Netherlands | **,***,*** | |
| ***********.***.vn | Vietnam | **,***,*** | |
| **************.com | United States | **,***,*** | |
| ************.com | United States | **,***,*** |
FAQ
CVE-2023-5105 is Exposure of Sensitive Information to an Unauthorized Actor in Nmedia User File Uploader
A total of 15 websites have been identified as vulnerable to CVE-2023-5105, based on global website indexing conducted by WebTechSurvey.
The Nmedia User File Uploader is affected by the CVE-2023-5105 vulnerability.
Nmedia User File Uploader versions up to 22.6 are vulnerable to CVE-2023-5105.
CVE-2023-5105 is resolved in version 22.6 of Nmedia User File Uploader.