CVE-2026-1280
Published 2026-01-28
CVE-2026-1280: The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email'…
Priority: P349 · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.29% (20.9th percentile)
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files via email by supplying a file ID. Since file IDs are sequential integers, attackers can enumerate all uploaded files on the site and exfiltrate sensitive data that was intended to be restricted to administrators only.
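As an added illustration (not code from the plugin or from the advisory), the registration pattern that leaves a WordPress AJAX action reachable without a capability check, beside a hardened handler that applies the controls the advisory says were missing. The action name `wpfm_send_file_in_email` comes from the advisory; the function names, the nonce action, the `manage_options` capability, and the assumption that uploaded files are stored as media-library attachments are hypothetical.

```php
<?php
/**
 * Added example, not the plugin's code. Shows why a missing capability
 * check on an AJAX action is reachable by anyone, and a hardened form.
 * Everything except the action name 'wpfm_send_file_in_email' is assumed.
 */

// Hypothetical helper: e-mail the stored file as an attachment.
// Assumes the uploaded file is a media-library attachment post.
function example_mail_file( $file_id, $to ) {
    $path = get_attached_file( $file_id );
    return wp_mail( $to, 'A file was shared with you', 'See attachment.', array(), array( $path ) );
}

// --- Weak pattern --------------------------------------------------------
// wp_ajax_nopriv_* fires for unauthenticated visitors, and the handler acts
// on a caller-supplied file ID without checking who is asking or whether
// the request was intended (no nonce). Any visitor can drive it.
add_action( 'wp_ajax_nopriv_wpfm_send_file_in_email', 'example_send_file_weak' );
add_action( 'wp_ajax_wpfm_send_file_in_email', 'example_send_file_weak' );

function example_send_file_weak() {
    $file_id = absint( $_POST['file_id'] ?? 0 );
    $to      = sanitize_email( $_POST['email'] ?? '' );
    example_mail_file( $file_id, $to );
    wp_send_json_success();
}

// --- Hardened pattern ----------------------------------------------------
// 1. Register on wp_ajax_* only, so unauthenticated requests never reach it.
// 2. check_ajax_referer() rejects requests without a valid nonce (CSRF).
// 3. Validate the inputs before touching any stored object.
// 4. Enforce authorization on the specific file: owner or an administrator.
add_action( 'wp_ajax_wpfm_send_file_in_email', 'example_send_file_hardened' );

function example_send_file_hardened() {
    // Dies with a 403 response if the 'nonce' field is missing or invalid.
    check_ajax_referer( 'wpfm_send_file_in_email', 'nonce' );

    // wp_send_json_error() calls wp_die(), so no return is needed after it.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'authentication required', 401 );
    }

    $file_id = absint( $_POST['file_id'] ?? 0 );
    $to      = sanitize_email( $_POST['email'] ?? '' );
    if ( 0 === $file_id || ! is_email( $to ) ) {
        wp_send_json_error( 'invalid request', 400 );
    }

    // Resolve the object first, then decide whether this caller may act on it.
    // A sequential ID by itself never grants access.
    $file = get_post( $file_id );
    if ( ! $file || 'attachment' !== $file->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }

    $is_owner = (int) $file->post_author === get_current_user_id();
    if ( ! $is_owner && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    if ( ! example_mail_file( $file_id, $to ) ) {
        wp_send_json_error( 'mail failure', 500 );
    }
    wp_send_json_success();
}
```

The order matters: the nonce check alone does not authorize anything, and a capability check alone does not tie the caller to the particular file. Both are applied after the object is resolved and before any side effect, so an arbitrary file ID supplied by an unprivileged caller results in a 401, 403 or 404 rather than an outgoing e-mail.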
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nmedia | frontend_file_manager_plugin | <= 23.5 | — |
| nyariv | sandboxjs | >= 0 < 0.8.36 | 0.8.36 |
GHSA
SandboxJS: Sandbox Escape via Prop Object Leak in New Handler
ghsa·2026-04-03
CVE-2026-34217 [MEDIUM] CWE-668 SandboxJS: Sandbox Escape via Prop Object Leak in New Handler
## Description
A scope modification vulnerability exists in `@nyariv/sandboxjs` version 0.8.35 and below. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the `new` operator, exposing sandbox scope objects in the scope hierarchy to untrusted code, which is unexpected and undesired. While this could allow modifying scopes inside the sandbox, code evaluation remains sandboxed and prototypes remain protected throughout the execution.
## Vulnerable Code Location
### Primary: The `New` Operator Handler
**File**: `src/executor.ts`, lines 1275–1280
```typescript
addOps<unknown, unknown[]>(
  LispType.New,
  ({ done, a, b, context }) => {
    if (!context.ctx.globalsWhitelist.has(a) && !cont
```
GHSA
GHSA-95g8-rf6q-22v9: The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_
ghsa_unreviewed·2026-01-28
CVE-2026-1280 [HIGH] CWE-862 GHSA-95g8-rf6q-22v9: The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_
GitLab
Access Control Check Implemented After Asset is Accessed in GitLab
vendor_gitlab·2026-05-14·CVSS 4.3
CVE-2026-3607 [MEDIUM] CWE-1280 Access Control Check Implemented After Asset is Accessed in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control.
Affected products: GitLab
Affected versions: >=18.3, <18.9.7; >=18.10, <18.10.6; >=18.11, <18.11.3 (affected)
Solution: Upgrade to versions 18.9.7, 18.10.6, 18.11.3 or above.
Credit: Thanks to [aphantom](https://hackerone.com/aphantom) for reporting this vulnerability through our HackerOne bug bounty program.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-1280 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-1280 [CRITICAL] CVE-2026-1280 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1280: WordPress vulnerability analysis and mitigation
Source: NVD (description identical to the one given above).
Score: 7.5
Published: January 28, 2026
Severity: HIGH
CNA Score: 7.5
Affected Technologies: WordPress
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due D
Bugzilla
CVE-2026-40614 PJSIP: pjproject: PJSIP: Arbitrary code execution or denial of service via Opus audio frame decoding buffer overflow
bugzilla·2026-04-21·CVSS 8.5
CVE-2026-40614 [HIGH] CVE-2026-40614 PJSIP: pjproject: PJSIP: Arbitrary code execution or denial of service via Opus audio frame decoding buffer overflow
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were allocated based on a PCM-derived formula: (sample_rate/1000) * 60 * channel_cnt * 2. At 8 kHz mono this yields only 960 bytes, but codec_parse() can output encoded frames up to MAX_ENCODED_PACKET_SIZE (1280) bytes via opus_repacketizer_out_range(). The three pj_memcpy() calls in codec_decode() copied input->size bytes without bounds checking, causing a heap buffer overflow.
References:
https://plugins.trac.wordpress.org/browser/nmedia-user-file-uploader/tags/23.5/inc/callback-functions.php#L98
https://plugins.trac.wordpress.org/browser/nmedia-user-file-uploader/trunk/inc/callback-functions.php#L98
https://www.wordfence.com/threat-intel/vulnerabilities/id/e739e7d3-756a-4c93-9ca7-f7b9f9657033?source=cve
Published: 2026-01-28