nmedia — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting nmedia. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by nmedia:Frontend File Manager Plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo Simple User Registration Comments Extra Fields For Post,Pages and CPT 2Checkout Payment Gateway for WooCommerce N-Media Post Front-end Form GoHero Store Customizer for WooCommerce Easy Quiz Maker

CVE ID	Title	CVSS	Severity	Published
CVE-2026-1280	Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter — Frontend File Manager PluginCWE-862	7.5	High	2026-01-28
CVE-2026-0844	Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field — Simple User RegistrationCWE-284	8.8	High	2026-01-28
CVE-2025-13382	Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming — Frontend File Manager PluginCWE-639	4.3	Medium	2025-11-25
CVE-2025-13389	Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure — Admin and Customer Messages After Order for WooCommerce: OrderConvoCWE-639	5.3	Medium	2025-11-25
CVE-2025-13452	Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages — Admin and Customer Messages After Order for WooCommerce: OrderConvoCWE-639	4.3	Medium	2025-11-25
CVE-2025-12160	Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting — Simple User RegistrationCWE-79	7.2	High	2025-11-21
CVE-2023-7306	Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion — Frontend File Manager PluginCWE-862	7.5	High	2025-07-25
CVE-2025-4334	Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation — Simple User RegistrationCWE-269	9.8	Critical	2025-06-26
CVE-2024-13456	Easy Quiz Maker <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Easy Quiz MakerCWE-79	6.4	Medium	2025-02-12
CVE-2024-12826	GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update — GoHero Store Customizer for WooCommerceCWE-862	4.3	Medium	2025-01-25
CVE-2024-13355	Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting — Admin and Customer Messages After Order for WooCommerce: OrderConvoCWE-434	5.4	Medium	2025-01-16
CVE-2016-15042	Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload — N-Media Post Front-end FormCWE-434	9.8	Critical	2024-10-16
CVE-2024-0629	2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins — 2Checkout Payment Gateway for WooCommerceCWE-862	5.3	Medium	2024-05-02
CVE-2024-0829	Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization — Comments Extra Fields For Post,Pages and CPTCWE-862	4.3	Medium	2024-03-13
CVE-2024-0830	Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery — Comments Extra Fields For Post,Pages and CPTCWE-352	4.3	Medium	2024-03-13
CVE-2021-4369	Frontend File Manager <= 18.2 - Unauthenticated Content Injection — Frontend File Manager PluginCWE-862	5.8	Medium	2023-06-07
CVE-2021-4368	Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload — Frontend File Manager PluginCWE-862	9.9	Critical	2023-06-07
CVE-2021-4365	Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting — Frontend File Manager PluginCWE-79	7.2	High	2023-06-07
CVE-2021-4359	Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion — Frontend File Manager PluginCWE-862	6.5	Medium	2023-06-07
CVE-2021-4356	Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download — Frontend File Manager PluginCWE-862	9.0	Critical	2023-06-07
CVE-2021-4351	Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change — Frontend File Manager PluginCWE-862	5.8	Medium	2023-06-07
CVE-2021-4350	Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails — Frontend File Manager PluginCWE-862	7.2	High	2023-06-07
CVE-2021-4344	Frontend File Manager <= 18.2 - Privilege Escalation — Frontend File Manager PluginCWE-285	6.4	Medium	2023-06-07

This page lists every published CVE security advisory associated with nmedia. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

nmedia — Vulnerabilities & Security Advisories 23