Unknown Frontend File Manager Plugin vulnerabilities
6 known vulnerabilities affecting unknown/frontend_file_manager_plugin.
Total CVEs
6
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2026-0829MEDIUMCVSS 5.8PoC≤ 23.52026-02-17
CVE-2026-0829 [MEDIUM] CWE-862 CVE-2026-0829: The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and share uploaded files without permission, exposing sens
cvelistv5nvd
CVE-2025-14804HIGHCVSS 7.7fixed in 23.52026-01-07
CVE-2025-14804 [HIGH] CWE-73 CVE-2025-14804: The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server
cvelistv5nvd
CVE-2023-5105MEDIUMCVSS 6.5fixed in 22.62023-12-04
CVE-2023-5105 [MEDIUM] CWE-22 CVE-2023-5105: The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Edi
The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`
cvelistv5nvd
CVE-2022-3126MEDIUMCVSS 4.3≥ 21.4, < 21.42022-10-17
CVE-2022-3126 [MEDIUM] CWE-352 CVE-2022-3126: The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploadin
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
cvelistv5nvd
CVE-2022-3125HIGHCVSS 8.8≥ 21.3, < 21.32022-10-03
CVE-2022-3125 [HIGH] CWE-434 CVE-2022-3125: The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such a
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE
cvelistv5nvd
CVE-2022-3124MEDIUMCVSS 5.3PoC≥ 21.3, < 21.32022-10-03
CVE-2022-3124 [MEDIUM] CWE-862 CVE-2022-3124: The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to ren
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server
cvelistv5nvd