CVE-2023-7306: Missing Authorization in Frontend File Manager Plugin

Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 60.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 25

Description

The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files() function in all versions up to, and including, 21.5. This makes it possible for unauthenticated attackers to delete arbitrary posts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 1 package

Vulnerability Details (2)

GHSA (2025-07-25)
GHSA-76rx-7pv8-wf99: The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_

CVEList (2025-07-25)
Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion