cleantalk
Vulnerabilities and Security Researches

Frontend File Manager Plugin, CVE-2026-8378

CVE, Research URL

CVE-2026-8378

Home page URL

Security reports for Frontend File Manager Plugin

Application

Frontend File Manager Plugin

Published on
Jun 23, 2026
Research Description
The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability exploitable by users with Subscriber-level access and above against an administrator viewing the file management interface.
Affected versions
max 23.6.
Status
vulnerable
Previous vulnerability researches
BirdSeed (CVE-2026-4071) , Jun 04, 2026
New vulnerability
Admin and Site Enhancements (ASE) , Jun 25, 2026
Advanced Google reCAPTCHA , Jun 25, 2026
Page Optimize , Jun 25, 2026
Image Optimizer by Elementor – Compress, Resize and Optimize Images , Jun 25, 2026
Facebook Chat Plugin – Live Chat Plugin for WordPress , Jun 25, 2026