cleantalk
Vulnerabilities and Security Researches

Frontend File Manager Plugin, CVE-2025-14804

CVE, Research URL

CVE-2025-14804

Home page URL

Security reports for Frontend File Manager Plugin

Application

Frontend File Manager Plugin

Published on
Jan 07, 2026
Research Description
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server
Affected versions
max 23.5.
Status
vulnerable
Previous vulnerability researches
Frontend File Manager Plugin (CVE-2025-14804) , Jan 28, 2026
Frontend File Manager Plugin (CVE-2026-25005) , Feb 28, 2026
Frontend File Manager Plugin (CVE-2025-64265) , Dec 10, 2025
Frontend File Manager Plugin (CVE-2025-13382) , Dec 10, 2025
Frontend File Manager Plugin (CVE-2025-27358) , Jul 06, 2025
New vulnerability
WP Photo Album Plus (CVE-2026-39511) , Apr 24, 2026
Widgets for Google Reviews (CVE-2025-9436) , Apr 24, 2026
WP Mailgun SMTP (CVE-2025-59003) , Apr 24, 2026
TP Woocommerce Product Gallery (CVE-2025-5092) , Apr 24, 2026
Gallery with thumbnail slider (CVE-2025-5092) , Apr 24, 2026