7 matches found

Cvelist
added 2025/11/25 7:28 a.m. · 4 views

CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

4.3 CVSS · 0.0019 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/07/25 12:0 a.m. · 4 views

PT-2025-30738 · WordPress · Frontend File Manager Plugin

Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin for WordPress versions prior to 21.5. Description: The plugin is susceptible to unauthorized data loss due to a missing capability check within the wpfm delete multiple files function. This allows unauthenticated...

7.5 CVSS · 6.6 AI score · 0.00303 EPSS
Exploits 0 · References 5
CNNVD
added 2024/03/17 12:0 a.m. · 3 views

WordPress Plugin Frontend File Manager Plugin Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

7.5 CVSS · 6 AI score · 0.00453 EPSS
Exploits 0 · References 2
CVE
added 2022/10/17 12:0 a.m. · 61 views

CVE-2022-3126

CVE-2022-3126 concerns the WordPress plugin Frontend File Manager (prior to version 21.4). The issue is a missing CSRF check during file uploads, enabling an attacker to cause a logged-in user to upload files on the attacker’s behalf. Documented impact is limited to file upload behavior with no b...

4.3 CVSS · 4.5 AI score · 0.00267 EPSS
Exploits 2 · References 1 · Affected Software 1
Positive Technologies
added 2022/10/03 12:0 a.m. · 3 views

PT-2022-20633

Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin WordPress plugin versions prior to 21.3. Description: The issue allows any unauthenticated user to rename uploaded files from users. Due to the lack of validation in the destination filename, this could allow them to...

5.3 CVSS · 6 AI score · 0.06199 EPSS
Exploits 2 · References 7
VulnCheck KEV
added 2022/09/07 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

5.3 CVSS · 6.2 AI score · 0.06199 EPSS
Exploits 2 · References 1
WPVulnDB
added 2015/06/10 12:0 a.m. · 8 views

N-Media File Uploader <= 3.7 - Arbitrary File Upload

The Frontend File Manager Plugin WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

2.9 AI score
Exploits 0 · References 1 · Affected Software 1