Frontend File Manager WordPress Plugin Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the Frontend File Manager WordPress plugin, affecting all versions up to and including 23.6. Authenticated attackers with Subscriber-level access or higher can exploit it by changing the 'file_id' parameter in a download request. The plugin resolves the requested file by its ID without checking that the requesting user owns it, so any logged-in user can retrieve files uploaded by other users, including administrators, and thereby gain unauthorized access to sensitive data stored within the application.

Impact

Successful exploitation gives the attacker unauthorized read access to files uploaded by other users, including privileged accounts such as administrators. This can disclose whatever sensitive information those files contain.

Reproduction

To reproduce this vulnerability:

1. Log in to WordPress as an administrator and upload a confidential file using the Frontend File Manager plugin. Copy the download link for this file and note its 'file_id' value.
2. Log in with a low-privileged account, such as a Subscriber, and navigate to a page where the plugin is active.
3. Upload an ordinary file with the Subscriber account and copy its download link.
4. In the Subscriber's download link, replace the value of the 'file_id' parameter with the 'file_id' of the confidential file uploaded by the administrator.
5. Request the modified link while still authenticated as the Subscriber. The confidential file is downloaded, which demonstrates the IDOR vulnerability: the plugin served the file based solely on the supplied ID, without an ownership check.
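The following is an added illustration of the flaw described above and of the check that prevents it; it is not the Frontend File Manager plugin's own code. It assumes a hypothetical storage model (files kept as posts of an assumed post type 'ffm_file', with the uploader as post_author and the filesystem path in an assumed meta key '_ffm_path') and an assumed query layout ('ffm_action=download&file_id=N'). The vulnerable handler reproduces the behaviour in the reproduction steps: it verifies only that the caller is logged in, then serves whatever 'file_id' names. The hardened handler resolves the object first and refuses to serve it unless the current user is its owner or holds a capability that legitimately grants access to every file.

```php
<?php
// Added example, not the plugin's code. Post type 'ffm_file', meta key
// '_ffm_path' and the 'ffm_action' query parameter are assumptions.

// Vulnerable pattern: any authenticated user can fetch any file by ID.
function ffm_download_vulnerable() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Login required', 403 );
    }
    $file_id = isset( $_GET['file_id'] ) ? absint( $_GET['file_id'] ) : 0;
    $path    = get_post_meta( $file_id, '_ffm_path', true );   // no ownership check
    if ( ! $path || ! file_exists( $path ) ) {
        wp_die( 'Not found', 404 );
    }
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    readfile( $path );
    exit;
}

// Authorization check: the object must exist, be of the expected type, and
// belong to the caller (or the caller must be allowed to read all files).
function ffm_user_can_download( int $file_id ): bool {
    $file = get_post( $file_id );
    if ( ! $file || 'ffm_file' !== $file->post_type ) {
        return false;
    }
    if ( current_user_can( 'manage_options' ) ) {
        return true; // administrators may download any file
    }
    return (int) $file->post_author === get_current_user_id();
}

// Hardened pattern: authorize against the resolved object before touching disk.
function ffm_download_hardened() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Login required', 403 );
    }
    $file_id = isset( $_GET['file_id'] ) ? absint( $_GET['file_id'] ) : 0;

    // Per-file nonce: complements (does not replace) the ownership check and
    // stops a crafted link from being replayed cross-site.
    $nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'ffm_download_' . $file_id ) ) {
        wp_die( 'Invalid request', 403 );
    }

    if ( ! ffm_user_can_download( $file_id ) ) {
        // Same response as a missing file so that valid IDs cannot be enumerated.
        wp_die( 'Not found', 404 );
    }

    $path = get_post_meta( $file_id, '_ffm_path', true );
    if ( ! $path || ! file_exists( $path ) ) {
        wp_die( 'Not found', 404 );
    }
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    readfile( $path );
    exit;
}

// Builds the download link that the frontend shows to the file's owner.
function ffm_download_url( int $file_id ): string {
    return add_query_arg(
        array(
            'ffm_action' => 'download',
            'file_id'    => $file_id,
            '_wpnonce'   => wp_create_nonce( 'ffm_download_' . $file_id ),
        ),
        home_url( '/' )
    );
}

add_action( 'init', function () {
    if ( isset( $_GET['ffm_action'] ) && 'download' === $_GET['ffm_action'] ) {
        ffm_download_hardened();
    }
} );
```

The essential fix is ffm_user_can_download(): the decision is made on the resolved object's owner, not on the caller's role alone, which is exactly what step 5 of the reproduction exercises. With the hardened handler in place, repeating that step as the Subscriber returns 404 instead of the administrator's file; with the vulnerable handler it returns the file. The nonce is deliberately not relied on as the authorization control, since a nonce only proves the link was minted for this user and session, not that the user may read the object it names.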

Added: May 3, 2026, 7:20 AM
Updated: May 3, 2026, 7:20 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 6.8
remediation: 0.0
relevance: 7.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.