Lucene search
+L

3180 matches found

NVD
NVD
added 2026/06/23 7:16 a.m.15 views

CVE-2026-8379

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

7.5CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:0 a.m.7 views

CVE-2026-8378

The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 6:0 a.m.42 views

CVE-2026-8378 Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename

The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability...

0.00133EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 6:0 a.m.20 views

CVE-2026-8378

CVE-2026-8378 affects the WordPress plugin “Frontend File Manager” up to version 23.6. The vulnerability is a Stored Cross-Site Scripting (XSS) in the frontend file-rename endpoint: the plugin does not sanitize or escape the submitted filename before storing it as post meta and re-rendering it in...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 6:0 a.m.43 views

CVE-2026-8379 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:0 a.m.9 views

CVE-2026-8379

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

5.9AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 6:0 a.m.18 views

CVE-2026-8379

The CVE-2026-8379 entry concerns the Frontend File Manager Plugin for WordPress (≤ 23.6). The vulnerability is a failure to properly enforce nonce verification on the file download handler, enabling unauthenticated attackers to download files uploaded by any user by iterating identifiers. The iss...

7.5CVSS5.9AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:0 a.m.12 views

EUVD-2026-38419

The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:0 a.m.11 views

EUVD-2026-38420

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating...

7.5CVSS5.9AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-51479

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description An issue exists where the file download handler does not properly enforce its nonce check. A nonce number used once is a security token used to prevent cross-site request forgery...

7.5CVSS5.7AI score0.0024EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51478

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description Insufficient sanitization and escaping of filenames submitted to the frontend file-rename endpoint allows a Stored Cross-Site Scripting XSS issue. This occurs when the filename is...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/06/15 10:7 a.m.94 views

Exploit for CVE-2026-37072

CVE-2026-37072 Veno File Manager Project Veno File Manager Pro...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/15 10:0 a.m.93 views

Exploit for CVE-2026-37071

CVE-2026-37071 Arbitrary File Rename Leading to Privilege Esca...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/15 9:30 a.m.85 views

Exploit for CVE-2026-37066

CVE-2026-37066 Path traversal leading to Arbitrary File Read i...

5.2AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/15 9:24 a.m.84 views

Exploit for CVE-2026-37065

CVE-2026-37065 Veno File Manager Project 4.4.9 is vulnerable t...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/15 12:0 a.m.71 views

📄 InnoShop 0.8.2 File Manager File Deletion / Path Traversal

This Metasploit module exploits a path traversal vulnerability in the InnoShop version 0.8.2's File Manager API. The destroyFiles endpoint does not properly validate file paths, allowing an authenticated administrator to escape the intended media/storage sandbox using ../ sequences...

7.1CVSS5.4AI score0.00175EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/06/11 2:19 p.m.129 views

Exploit for CVE-2026-10795

CVE-2026-10795 UpdraftPlus Auto-Exploit & Mass Scanner Au...

8.1CVSS5.5AI score0.03578EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.17 views

CVE-2026-25558

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 3:16 p.m.16 views

CVE-2026-25558

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 2:1 p.m.14 views

EUVD-2026-35071

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References2
Rows per page
Query Builder