Frontend File Manager Plugin

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Frontend File Manager Plugin

Information

Software Type Plugin
Software Slug nmedia-user-file-uploader (view on wordpress.org)
Software Status Removed
Software Author nmedia
Software Website najeebmedia.com
Software Downloads 202,352
Software Active Installs 1,000
Software Record Last Updated May 28, 2026

Showing 1-20 of 27 Vulnerabilities

Submit a Vulnerability
Frontend File Manager <= 23.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Download Access
4.3
CVE-2026-5337
Apr 11, 2026
Researcher: Mohamad Nour Almujarkesh
Frontend File Manager <= 23.5 - Missing Authorization
5.3
CVE-2026-0829
Feb 17, 2026
Researcher: ibrahimsql
Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter
7.5
CVE-2026-1280
Jan 27, 2026
Researcher: Md. Moniruzzaman Prodhan (NomanProdhan)
Frontend File Manager Plugin <= 23.5 - Unauthenticated Insecure Direct Object Reference
5.3
CVE-2026-25005
Jan 16, 2026
Researcher: Mdr
Frontend File Manager <= 23.4 - Authenticated (Subscriber+) Arbitrary File Deletion
8.1
CVE-2025-14804
Dec 17, 2025
Researchers: Gregory Allegoet, Bakir Tučić
Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming
4.3
CVE-2025-13382
Nov 24, 2025
Researcher: t.t.brothers
Frontend File Manager <= 23.2 - Missing Authorization
4.3
CVE-2025-64265
Oct 30, 2025
Researcher: Legion Hunter
Frontend File Manager <= 23.2 - Missing Authorization
5.3
CVE-2025-57921
Sep 22, 2025
Researcher: Hiro
Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
7.5
CVE-2023-7306
Jul 24, 2025
Researchers: Matteo Leonelli, David D.
Frontend File Manager <= 23.2 - Missing Authorization to Authenticated (Subscriber+) Content Injection
4.3
CVE-2025-27358
Jul 4, 2025
Researcher: PARK_Gyun_Deuk
Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads
5.3
CVE-2024-25903
Feb 12, 2024
Researcher: Joshua Chan
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal
9.1
CVE-2023-5105
Nov 13, 2023
Researcher: Dmitrii Ignatyev
Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload
8.8
CVE-2022-3126
Sep 26, 2022
Researcher: Raad Haddad
Frontend File Manager <= 21.2 - Missing Authorization
6.5
CVE-2022-3124
Sep 7, 2022
Researcher: Raad Haddad
Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-2022-3125
Sep 7, 2022
Researcher: Raad Haddad
Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update
8.8
CVE ID Unknown
Sep 6, 2022
Researchers:
Frontend File Manager <= 18.2 - Privilege Escalation
6.4
CVE-2021-4344
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Unauthenticated Content Injection
5.8
CVE-2021-4369
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload
9.9
CVE-2021-4368
Jul 12, 2021
Researcher: Jerome Bruandet
Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2021-4365
Jul 12, 2021
Researcher: Jerome Bruandet
Title Status CVE ID CVSS Researchers Date
Frontend File Manager <= 23.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Download Access Unpatched CVE-2026-5337 4.3 Mohamad Nour Almujarkesh April 11, 2026
Frontend File Manager <= 23.5 - Missing Authorization Unpatched CVE-2026-0829 5.3 ibrahimsql February 17, 2026
Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter Unpatched CVE-2026-1280 7.5 Md. Moniruzzaman Prodhan (NomanProdhan) January 27, 2026
Frontend File Manager Plugin <= 23.5 - Unauthenticated Insecure Direct Object Reference Patched CVE-2026-25005 5.3 Mdr January 16, 2026
Frontend File Manager <= 23.4 - Authenticated (Subscriber+) Arbitrary File Deletion Patched CVE-2025-14804 8.1 Gregory Allegoet, Bakir Tučić December 17, 2025
Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming Patched CVE-2025-13382 4.3 t.t.brothers November 24, 2025
Frontend File Manager <= 23.2 - Missing Authorization Patched CVE-2025-64265 4.3 Legion Hunter October 30, 2025
Frontend File Manager <= 23.2 - Missing Authorization Patched CVE-2025-57921 5.3 Hiro September 22, 2025
Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion Patched CVE-2023-7306 7.5 Matteo Leonelli, David D. July 24, 2025
Frontend File Manager <= 23.2 - Missing Authorization to Authenticated (Subscriber+) Content Injection Unpatched CVE-2025-27358 4.3 PARK_Gyun_Deuk July 4, 2025
Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads Patched CVE-2024-25903 5.3 Joshua Chan February 12, 2024
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal Patched CVE-2023-5105 9.1 Dmitrii Ignatyev November 13, 2023
Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload Patched CVE-2022-3126 8.8 Raad Haddad September 26, 2022
Frontend File Manager <= 21.2 - Missing Authorization Patched CVE-2022-3124 6.5 Raad Haddad September 7, 2022
Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload Patched CVE-2022-3125 8.8 Raad Haddad September 7, 2022
Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update Patched 8.8 September 6, 2022
Frontend File Manager <= 18.2 - Privilege Escalation Patched CVE-2021-4344 6.4 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Content Injection Patched CVE-2021-4369 5.8 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload Patched CVE-2021-4368 9.9 Jerome Bruandet July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2021-4365 7.2 Jerome Bruandet July 12, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation