CVE-2021-4344: 
WordPress vulnerability analysis and mitigation

The Frontend File Manager plugin for WordPress (CVE-2021-4344) is vulnerable to Privilege Escalation in versions up to and including 18.2. The vulnerability was discovered and disclosed in June 2023. The issue affects the WordPress plugin with over 2,000+ active installations and stems from mishandling the use of user IDs that are accessible by visitors (NVD, NinTechNet).

The vulnerability exists in the wpfmgetcurrentuser function from the plugin's helpers.php file. The function retrieves the user ID either from WordPress getcurrentuserid function for authenticated users or from the plugin's wpfmguestuserid option for unauthenticated users. However, any user can override the $currentuserid by manipulating the $GET['file_owner'] variable, leading to privilege escalation. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (NinTechNet).

This vulnerability allows both authenticated and unauthenticated attackers to access information and privileges of other users, including 'guest users' within their own category. An attacker can effectively elevate their privileges by impersonating other users through manipulation of the user ID parameter (NVD).

Users are strongly advised to update their Frontend File Manager plugin to version 18.3 or later, which contains fixes for this vulnerability. The update was released on June 26, 2021. If updates are not immediately possible, it is recommended to consider disabling the plugin until it can be updated (NinTechNet).