CVE-2026-8379
Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user by iterating identifiers.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Unknown · Frontend File Manager Plugin
Public PoCs found — 1
cve_reference: wpscan.com/vulnerability/71619406-19bb-437f-9538-fdf73de98827/ (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.