Frontend File Manager Plugin, CVE-2023-7306

CVE, Research URL: CVE-2023-7306
Home page URL: Security reports for Frontend File Manager Plugin
Application: Frontend File Manager Plugin
Published on: Jul 25, 2025
Research Description: The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files() function in all versions up to, and including, 21.5. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Affected versions: Min -, max 22.0.
Status: vulnerable