CVE-2026-8379

Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download

CVSS 7.5 HIGHEPSS 0.2%

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating identifiers.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

Unknown · Frontend File Manager Plugin

PoCs públicas encontradas — 1

cve_referencewpscan.com/vulnerability/71619406-19bb-437f-9538-fdf73de98827/no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/71619406-19bb-437f-9538-fdf73de98827/