cleantalk
Vulnerabilities and Security Researches

Frontend File Manager Plugin, CVE-2025-14804

CVE, Research URL

CVE-2025-14804

Home page URL

Security reports for Frontend File Manager Plugin

Application

Frontend File Manager Plugin

Published on
Jan 07, 2026
Research Description
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server
Affected versions
max 23.5.
Status
vulnerable
Previous vulnerability researches
Frontend File Manager Plugin (CVE-2025-14804) , Jan 28, 2026
Frontend File Manager Plugin (CVE-2026-25005) , Feb 28, 2026
Frontend File Manager Plugin (CVE-2025-64265) , Dec 10, 2025
Frontend File Manager Plugin (CVE-2025-13382) , Dec 10, 2025
Frontend File Manager Plugin (CVE-2025-27358) , Jul 06, 2025
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026