CVE Catalog

CVE-2026-8379

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

3th percentile — higher than 3% of all known CVEs

Summary

The Frontend File Manager Plugin for WordPress up to version 23.6 does not properly enforce nonce checks on the file download handler, allowing unauthenticated attackers to download files uploaded by any user.

Risk Assessment

Attackers can gain access to sensitive files, leading to breaches of user data privacy and potential financial losses for the organization.

Recommendation

It is recommended to update the Frontend File Manager plugin to the latest version to mitigate this vulnerability and implement additional security measures, such as restricting access to file downloads.

Original NVD description (English source)

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating identifiers.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS