CVE-2021-4350 Vulnerability Analysis & Exploit Details

CVE-2021-4350 Vulnerability Summary

CVE-2021-4350: The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 0.105% (probability of exploit)

EPSS Percentile: 45.06% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 54.94% of others.

CVE-2021-4350 References

External References

• https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/
• https://www.wordfence.com/threat-intel/vulnerabilities/id/49150180-9de0-4318-b21b-779daaeb7a52?source=cve
• https://blog.nintechnet.com/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities/
• https://www.wordfence.com/threat-intel/vulnerabilities/id/49150180-9de0-4318-b21b-779daaeb7a52?source=cve

CWE Common Weakness Enumeration

CAPEC Common Attack Pattern Enumeration and Classification

• Exploitation of Thunderbolt Protection Flaws CAPEC-665 An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.

Vulnerable Configurations

• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:-:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:-:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.2:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.2:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.3:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.3:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.4:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.4:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.5:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.5:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.6:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.6:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.7:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.7:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.8:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:1.8:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:2.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:2.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:2.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:2.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.2:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.2:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.3:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.3:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.4:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.4:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.5:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.5:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.6:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.6:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.7:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.7:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.8:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.8:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.9:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:3.9:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:4.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:4.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:4.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:4.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:5.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:5.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:5.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:5.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:5.2:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:5.2:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.2:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.2:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.3:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.3:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.4:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.4:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.5:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.5:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.6:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.6:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.7:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.7:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.8:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.8:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.9:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:13.9:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.2:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.2:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.3:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.3:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.4:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.4:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.5:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.5:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.6:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.6:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.7:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.7:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.8:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.8:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.9:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:14.9:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.2:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.2:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.3:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.3:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.4:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.4:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.5:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.5:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.6:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.6:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.7:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.7:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.8:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.8:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.9:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:15.9:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:16.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:16.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:17.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:17.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:17.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:17.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:18.0:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:18.0:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:18.1:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:18.1:*:*:*:*:wordpress:*:*
• cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:18.2:*:*:*:*:wordpress:*:*
  cpe:2.3:a:najeebmedia:frontend_file_manager_plugin:18.2:*:*:*:*:wordpress:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2025-3803 – A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysSc...
• CVE-2025-3802 – A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the functi...
• CVE-2025-3801 – A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the componen...
• CVE-2025-3800 – A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/co...
• CVE-2025-3799 – A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousContr...