CVE 7.7 HIGH

Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion_CVE-2025-14804

January 7, 2026 invoker category_cve
7.7 / 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Description

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server

Basic Information

ID CVE-2025-14804
Source WPScan
Published Jan 7, 2026 at 06:00
Modified Jan 7, 2026 at 14:37

Affected Product

Vendor Unknown
Product Frontend File Manager Plugin
Affected Versions Unknown Frontend File Manager Plugin 0

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.