CVE-2022-2356
NVD: The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.
8.8 Severity
HIGH EPSS
0.0078 (51) KEV
-
Source-published summary
NVD: The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.
Possible impact
This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for high severity review.
Affected context
vendor/product: mediajedi / user_private_files
Remediation / advisory
Remediation reference present; patch status requires confirmation in the linked advisory.
Why it matters
This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for high severity review.; CVSS 8.8 (HIGH); EPSS percentile 51; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD.
What to verify
Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.
Exposure hint
exposure unknown
Impact tags
Urgency reasons
Source-derived note
Summary derived from NVD description; unsafe procedural detail is not shown.
Redaction metadata
- source summary used
- True
- fallback summary used
- False
- unsafe procedural detail present
- false
- raw source displayed
- false
- public summary redacted
- true
Remediation handoff
Public-safe static handoff for human/Codex remediation planning. Scan, patch, external execution, and auto remediation are disabled.
Safety note
This radar shows source-published defensive context only. Exploit procedures, exploit strings, scanner commands, and auto-remediation are not provided.