{
  "CVE_data_meta": {
    "ID": "CVE-2022-3126",
    "ASSIGNER": "contact@wpscan.com",
    "STATE": "PUBLIC",
    "TITLE": "Frontend File Manager < 21.4 - File Upload via CSRF"
  },
  "data_format": "MITRE",
  "data_type": "CVE",
  "data_version": "4.0",
  "generator": "WPScan CVE Generator",
  "affects": {
    "vendor": {
      "vendor_data": [
        {
          "vendor_name": "Unknown",
          "product": {
            "product_data": [
              {
                "product_name": "Frontend File Manager Plugin",
                "version": {
                  "version_data": [
                    {
                      "version_affected": "<",
                      "version_name": "21.4",
                      "version_value": "21.4"
                    }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  },
  "description": {
    "description_data": [
      {
        "lang": "eng",
        "value": "The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf"
      }
    ]
  },
  "references": {
    "reference_data": [
      {
        "refsource": "MISC",
        "url": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8",
        "name": "https://wpscan.com/vulnerability/7db363bf-7bef-4d47-9963-c30d6fdd2fb8"
      }
    ]
  },
  "problemtype": {
    "problemtype_data": [
      {
        "description": [
          {
            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
            "lang": "eng"
          }
        ]
      }
    ]
  },
  "credit": [
    {
      "lang": "eng",
      "value": "Raad Haddad of Cloudyrion GmbH"
    }
  ],
  "source": {
    "discovery": "EXTERNAL"
  }
}