213 matches found
WordPress Plugin Frontend File Manager Plugin Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Mdr in WordPress Plugin Frontend File Manager versions = 23.5...
CVE-2025-14804
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...
CVE-2025-14804
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...
CVE-2025-14804
CVE-2025-14804 pertains to the Frontend File Manager Plugin for WordPress. The vulnerability arises from inadequate validation of a path parameter and file ownership, enabling any authenticated user (e.g., subscribers) to delete arbitrary files on the server. The issue is user-privilege scoped to...
CVE-2025-14804 Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...
CVE-2025-14804 Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...
WordPress plugin Frontend File Manager Plugin 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
PT-2026-1562
Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.5 Description The Frontend File Manager Plugin for WordPress did not properly check a file path and who owned the file. This allowed any logged-in user, even those with limited permissions like...
CVE-2025-13382
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
CVE-2025-13382
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
EUVD-2025-199571
The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...
CVE-2025-13382
The CVE concerns the WordPress Frontend File Manager Plugin (versions up to 23.4). It is vulnerable to Insecure Direct Object Reference because the plugin does not validate file ownership before processing file rename requests via the REST endpoint /wpfm/v1/file-rename. This allows an authenticat...
WordPress Frontend File Manager plugin plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary File Renaming vulnerability discovered by t.t.brothers in WordPress Plugin Frontend File Manager versions = 23.4...
WordPress Frontend File Manager Plugin Missing Authorization Vulnerability
WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. A lack of authorization vulnerability exists in WordPress Frontend File Manager Plugin, which can be exploited b...
CVE-2025-64265
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...
EUVD-2025-163780
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...
CVE-2025-64265
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...
CVE-2025-64265
The CVE-2025-64265 entry describes a Missing Authorization vulnerability in the WordPress Frontend File Manager plugin’s nmedia-user-file-uploader, affecting versions ≤ 23.2. The underlying issue is Incorrectly Configured Access Control Security Levels that allows improper authorization. Several ...