Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Frontend File Manager Plugin — Vulnerabilities & Security Advisories 23

All 23 CVE vulnerabilities found in Frontend File Manager Plugin, with AI-generated Chinese analysis, references, and POCs.

This page documents the Common Weakness Enumerations associated with the Frontend File Manager Plugin, a widely used WordPress extension developed by various contributors and vendors. It aggregates security issues ranging from insecure direct object references and path traversal vulnerabilities to cross-site scripting flaws within the plugin’s file handling mechanisms. The database covers known vulnerabilities reported between 2018 and 2024, reflecting the evolving threat landscape faced by this component over the past several years. Visitors can utilize this resource to track individual vendor advisories as they are released, gain a deeper understanding of specific weakness classes such as Improper Limitation of a Pathname to a Restricted Directory, or look up a specific product version’s vulnerability history to assess risk exposure. By centralizing these disparate data points, the page serves as a technical reference for developers, security auditors, and site administrators who need to evaluate the integrity of their WordPress installations. Understanding the scope and nature of these flaws is critical for applying appropriate patches and mitigating potential attacks that could lead to unauthorized file access or data exfiltration. This compilation aims to provide clarity on the security posture of the Frontend File Manager Plugin without oversimplifying the technical details inherent in each reported incident.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2026-12277 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal --2026-07-07
CVE-2026-8095 Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion CWE-73 8.1 High2026-06-27
CVE-2026-8380 Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion --2026-06-26
CVE-2026-8379 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Download --2026-06-23
CVE-2026-8378 Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename --2026-06-23
CVE-2026-5337 Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR 6.5 -2026-05-03
CVE-2026-0829 Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending 6.5AIMediumAI2026-02-17
CVE-2026-1280 Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter CWE-862 7.5 High2026-01-28
CVE-2025-14804 Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion 6.5 -2026-01-07
CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming CWE-639 4.3 Medium2025-11-25
CVE-2023-7306 Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion CWE-862 7.5 High2025-07-25
CVE-2023-5105 Frontend File Manager < 22.6 - Editor+ Arbitrary File Download 6.5AIMediumAI2023-12-04
CVE-2021-4369 Frontend File Manager <= 18.2 - Unauthenticated Content Injection CWE-862 5.8 Medium2023-06-07
CVE-2021-4368 Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload CWE-862 9.9 Critical2023-06-07
CVE-2021-4365 Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting CWE-79 7.2 High2023-06-07
CVE-2021-4359 Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion CWE-862 6.5 Medium2023-06-07
CVE-2021-4356 Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download CWE-862 9.0 Critical2023-06-07
CVE-2021-4351 Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change CWE-862 5.8 Medium2023-06-07
CVE-2021-4350 Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails CWE-862 7.2 High2023-06-07
CVE-2021-4344 Frontend File Manager <= 18.2 - Privilege Escalation CWE-285 6.4 Medium2023-06-07
CVE-2022-3126 Frontend File Manager < 21.4 - File Upload via CSRF CWE-352 6.5 -2022-10-17
CVE-2022-3125 Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload CWE-434 8.8 -2022-10-03
CVE-2022-3124 Frontend File Manager < 21.3 - Unauthenticated File Renaming CWE-862 5.3 -2022-10-03

All 23 known CVE vulnerabilities affecting Frontend File Manager Plugin with full Chinese analysis, references, and POCs where available.