Lucene search

11 matches found

EUVD
added 2026/03/26 4:45 p.m., 0 views

EUVD-2026-16256

Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAISITEGROUP table for titles an...

CVSS: 5.3, AI score: 5.6, EPSS: 0.00013
Exploits: 0, References: 2

RedhatCVE
added 2026/02/20 1:26 p.m., 2 views

CVE-2026-25005

Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.5...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00042
Exploits: 0, References: 1

NVD
added 2026/02/19 9:16 a.m., 2 views

CVE-2026-25005

Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.5...

CVSS: 5.3, EPSS: 0.00042
Exploits: 0, References: 1

Positive Technologies
added 2026/02/19 12:0 a.m., 5 views

PT-2026-20676

Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.5...

AI score: 5.5, EPSS: 0.00042
Exploits: 0, References: 1

Cvelist
added 2026/02/17 6:0 a.m., 33 views

CVE-2026-0829 Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...

EPSS: 0.02584
Exploits: 0, References: 1

CVE
added 2026/02/17 6:0 a.m., 13 views

CVE-2026-0829

The CVE-2026-0829 entry concerns the Frontend File Manager Plugin for WordPress (up to version 23.5). It states unauthenticated users can relay emails through the site and access/share uploaded files by guessing file IDs, exposing sensitive information and enabling spam/phishing use. The descript...

CVSS: 5.8, AI score: 5.3, EPSS: 0.02584
Exploits: 0, References: 1

Patchstack
added 2026/01/29 4:45 p.m., 4 views

WordPress Frontend File Manager plugin < 23.5 - Subscriber+ Arbitrary File Deletion vulnerability

Subscriber+ Arbitrary File Deletion vulnerability discovered by Gregory Allegoet & Bakir Tuči in WordPress Plugin Frontend File Manager versions 23.5...

CVSS: 7.7, AI score: 5.9, EPSS: 0.00033
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2026/01/28 11:23 a.m., 9 views

CVE-2026-1280

CVE-2026-1280 affects the WordPress Frontend File Manager Plugin, versions up to 23.5. The vulnerability stems from a missing capability check on the AJAX action wpfm_send_file_in_email, allowing unauthenticated attackers to share arbitrary uploaded files by supplying a file_id. File IDs are sequ...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00096
Exploits: 0, References: 3

CNNVD
added 2026/01/28 12:0 a.m., 2 views

WordPress Plugin Frontend File Manager Plugin Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00096
Exploits: 0, References: 4

RedhatCVE
added 2026/01/09 10:58 a.m., 2 views

CVE-2025-14804

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated user, such as a subscriber, to delete arbitrary files on the server...

CVSS: 7.7, AI score: 6.8, EPSS: 0.00033
Exploits: 0, References: 1

Positive Technologies
added 2026/01/07 12:0 a.m., 3 views

PT-2026-1562

Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin versions prior to 23.5. Description: The Frontend File Manager Plugin for WordPress did not properly check a file path and who owned the file. This allowed any logged-in user, even those with limited permissions like...

CVSS: 7.7, AI score: 6.5, EPSS: 0.00033
Exploits: 0, References: 4