Impact
The Frontend File Manager Plugin for WordPress allows file downloads without checking its nonce token, permitting unauthenticated users to retrieve any file uploaded by the plugin. This weakness is an improper access control flaw that lets an attacker acquire files that may contain sensitive data. Based on the description, it is inferred that downloading such files could expose confidential documents or credentials stored by site users, although the specific impact depends on what users have uploaded.
Affected Systems
WordPress sites that use the Frontend File Manager Plugin version 23.6 or earlier are affected. The plugin vendor is not identified, but any WordPress installation containing the vulnerable version of the plugin remains at risk until the plugin is updated beyond 23.6.
Risk and Exploitability
The flaw can be exploited by sending unauthenticated HTTP requests to the download endpoint and iterating numeric or sequential identifiers. No authentication or additional privileges are required to trigger the vulnerability. The CVSS score of 7.5 indicates high severity, but the EPSS score of < 1% shows that exploitation is unlikely at present. The issue is not listed in CISA’s KEV catalogue, suggesting no widely reported exploitation.
OpenCVE Enrichment