CVE-2025-14804

CWE-734 documents4 sources
Severity
7.7HIGH
EPSS
0.0%
top 88.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Unknown Frontend File Manager Plugin
Timeline
PublishedJan 7

Description

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion2026-01-07
GHSA
GHSA-gw75-x5g3-fh33: The Frontend File Manager Plugin WordPress plugin before 232026-01-07

🕵️Threat Intelligence

1
Wiz
CVE-2025-14804 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-14804 (HIGH CVSS 7.7) | The Frontend File Manager Plugin Wo | cvebase.io