Unrated severityNVD Advisory· Published Nov 6, 2023· Updated Feb 26, 2025

Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

CVE-2023-4930

Description

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Affected products

WordPress/Front End Pminferred
Range: <11.4.3
Package: https://wordpress.org/plugins/front-end-pm

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000