Frontend File Manager Plugin, CVE-2026-8379
- CVE, Research URL
- Home page URL
- Application
- Published on
- Jun 23, 2026
- Research Description
- The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating identifiers.
- Affected versions
-
max 23.6.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| WP Latest Posts (CVE-2026-9620) , Jun 25, 2026 |
| WP Latest Posts (CVE-2016-10913) , Jun 07, 2024 |
| WP Latest Posts (CVE-2024-4135) , Jun 07, 2024 |