PatchSiren

Frontend File Manager Plugin CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Frontend File Manager Plugin CVE published 2026-06-23

CVE-2026-8379

The CVE-2026-8379 vulnerability affects the Frontend File Manager Plugin for WordPress through version 23.6. This plugin does not properly enforce its nonce check on the file download handler. As a result, unauthenticated attackers can download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin by iterating identifiers. The CVSS score for this vulnerability is 7.5, indica [truncated]