CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

210 matches found

EUVD-2026-38419

The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability...

5.9AI score

Exploits0References1

EUVD•added 6 hours ago•4 views

EUVD-2026-38420

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

5.9AI score

Exploits0References1

CVE•added 6 hours ago•7 views

CVE-2026-8378

Affected software: Frontend File Manager Plugin for WordPress (up to version 23.6). Vulnerability: It does not sanitise or escape a filename submitted to the frontend file-rename endpoint, allowing the filename to be stored as post meta and rendered in the admin File Manager listing. Impact: Stor...

5.9AI score

Exploits0References1

CVE•added 6 hours ago•9 views

CVE-2026-8379

The CVE-2026-8379 entry relates to the Frontend File Manager Plugin for WordPress (up to version 23.6). The root cause is improper enforcement of the nonce check on the file download handler, enabling unauthenticated attackers to download files uploaded by any user by iterating identifiers. This ...

5.9AI score

Exploits0References1

Nuclei•added yesterday•14 views

WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload

The Frontend File Manager plugin 4.0 and N-Media Post Front-end Form plugin 1.1 for WordPress were vulnerable to arbitrary file uploads due to missing file type validation. This allowed unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution. id:...

9.8CVSS6.3AI score0.05515EPSS

Exploits2References5

Nuclei•added yesterday•18 views

Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

Frontend File Manager Plugin WordPress plugin through 23.5 contains an open relay and unauthorized file access vulnerability caused by lack of authentication and security checks, letting unauthenticated attackers send emails and access files, exploit requires no authentication. id: CVE-2026-0829...

5.8CVSS5.8AI score0.00682EPSS

Exploits0References4

Nuclei•added yesterday•14 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server id:...

5.3CVSS6.2AI score0.06199EPSS

Exploits2References2

GithubExploit•added 2026/05/28 1:56 p.m.•78 views

Exploit for CVE-2026-8380

CVE-2026-8380 CVE-2026-8380 — Frontend File Manager = 23.6...

6AI score

Exploits1

RedhatCVE•added 2026/05/04 8:21 p.m.•5 views

CVE-2026-5337

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

6.5CVSS5.8AI score0.00212EPSS

Exploits0References1

NVD•added 2026/05/03 7:16 a.m.•18 views

CVE-2026-5337

6.5CVSS0.00212EPSS

Exploits0References1

Cvelist•added 2026/05/03 6:0 a.m.•37 views

CVE-2026-5337 Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR

0.00212EPSS

Exploits0References1

EUVD•added 2026/05/03 6:0 a.m.•3 views

EUVD-2026-26818

5.8AI score0.00212EPSS

Exploits0References1

ATTACKERKB•added 2026/05/03 6:0 a.m.•3 views

CVE-2026-5337

5.8AI score0.00212EPSS

Exploits0References1

CVE•added 2026/05/03 6:0 a.m.•17 views

CVE-2026-5337

CVE-2026-5337 affects the WordPress plugin “Frontend File Manager” (versions up to 23.6). The issue is an insecure direct object reference (IDOR) in the download endpoint that does not properly validate authorizations for requested uploaded files. A Subscriber-level or higher authenticated user c...

6.5CVSS5.8AI score0.00212EPSS

Exploits0References1

Positive Technologies•added 2026/05/03 12:0 a.m.•6 views

PT-2026-36684

5.8AI score0.00212EPSS

Exploits0References2

RedhatCVE•added 2026/02/20 1:26 p.m.•3 views

CVE-2026-25005

Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.5...

5.3CVSS5.5AI score0.00325EPSS

Exploits0References1

NVD•added 2026/02/19 9:16 a.m.•4 views

CVE-2026-25005

5.3CVSS0.00325EPSS

Exploits0References1

CVE•added 2026/02/19 8:26 a.m.•9 views

CVE-2026-25005

CVE-2026-25005 affects WordPress Frontend File Manager plugin versions up to and including 23.5, with an Insecure Direct Object References (IDOR) vulnerability that enables an Authorization Bypass through a user-controlled key, due to misconfigured access controls in the nmedia-user-file-uploader...

5.3CVSS5.4AI score0.00325EPSS

Exploits0References1

Cvelist•added 2026/02/19 8:26 a.m.•28 views

CVE-2026-25005 WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability

5.3CVSS0.00325EPSS

Exploits0References1

ATTACKERKB•added 2026/02/19 8:26 a.m.•2 views

CVE-2026-25005

5.5AI score0.00325EPSS

Exploits0References2

Rows per page