cleantalk
Vulnerabilities and Security Researches

Frontend File Manager Plugin, CVE-2026-8379

CVE, Research URL

CVE-2026-8379

Home page URL

Security reports for Frontend File Manager Plugin

Application

Frontend File Manager Plugin

Published on
Jun 23, 2026
Research Description
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating identifiers.
Affected versions
max 23.6.
Status
vulnerable
Previous vulnerability researches
WP Featured Screenshot (CVE-2025-32557) , Apr 15, 2025
New vulnerability
Admin and Site Enhancements (ASE) , Jun 25, 2026
Advanced Google reCAPTCHA , Jun 25, 2026
Page Optimize , Jun 25, 2026
Image Optimizer by Elementor – Compress, Resize and Optimize Images , Jun 25, 2026
Facebook Chat Plugin – Live Chat Plugin for WordPress , Jun 25, 2026