Critical severity9.8NVD Advisory· Published Oct 16, 2024· Updated Jun 17, 2026
CVE-2016-15042
CVE-2016-15042
Description
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nm_filemanager_upload_file and nm_postfront_upload_file AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: <1.1
<4.0+ 1 more
- (no CPE)range: <4.0
- (no CPE)
- nmedia/Frontend File Manager Pluginv5Range: 0
- Range: 0
Patches
Vulnerability mechanics
References
6- www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin/nvdExploitThird Party Advisory
- www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form/nvdExploitThird Party Advisory
- wpscan.com/vulnerability/052f7d9a-aaff-4fb1-92b7-aeb83cc705a7nvdThird Party Advisory
- www.acunetix.com/vulnerabilities/web/wordpress-plugin-n-media-post-front-end-form-arbitrary-file-upload-1-0/nvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858nvdThird Party Advisory
- wordpress.org/plugins/nmedia-user-file-uploader/nvdProduct
News mentions
0No linked articles in our index yet.