CVE-2023-4930— Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

EPSS 0.10% · P26 Updated Feb 27, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-4930

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress Plugin Front End PM 信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Front End PM 11.4.3之前版本存在信息泄露漏洞，该漏洞源于如果启用了 Web 服务器的自动索引功能，则会列出存储私人消息附件的目录，攻击者利用该漏洞可以列出和下载私人附件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Unknown	Front End PM	0 ~ 11.4.3	-

II. Public POCs for CVE-2023-4930

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-4930

请登录查看更多情报信息。

https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2exploitvdb-entrytechnical-description
https://nvd.nist.gov/vuln/detail/CVE-2023-4930

Same Patch Batch · Unknown · 2023-11-06 · 13 CVEs total

CVE-2023-5605		URL Shortify < 1.7.9.1 - Admin+ Stored XSS
CVE-2023-5355		Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion
CVE-2023-5601		WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload
CVE-2023-5530		Ninja Forms < 3.6.34 - Admin+ Stored XSS
CVE-2023-5181		WP Discord Invite < 2.5.2 - Admin+ Stored Cross Site Scripting
CVE-2023-4858		WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting
CVE-2023-4810		Responsive Pricing Table < 5.1.8 - Admin+ Stored Cross-Site Scriping
CVE-2023-5352		Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply
CVE-2023-5228		User Registration < 3.0.4.2 - Admin+ Stored XSS
CVE-2023-5082		History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection
CVE-2023-5354		Awesome Support < 6.1.5 - Reflected Cross-Site Scripting
CVE-2023-5454		Templately < 2.2.6 - Arbitrary post trashing via Missing Authorization

IV. Related Vulnerabilities

Same vendor: Unknown

V. Comments for CVE-2023-4930

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-4930— Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

I. Basic Information for CVE-2023-4930

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-4930

III. Intelligence Information for CVE-2023-4930

Same Patch Batch · Unknown · 2023-11-06 · 13 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-4930

Leave a comment