N/A Unfixed
2026-05-03≤ 23.6
CVE-2026-5337
Frontend File Manager Plugin
Minimum safe version
23.6
Update to 23.6 or later to address 47 fixable vulnerabilities
Latest available23.6 ✓⚠ 4 vulnerabilities have no fix
Medium 5.3
2025-09-22< 23.4
CVE-2025-57921
N/A Unfixed
2026-01-27≤ 23.5
Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter
N/A Unfixed
2026-02-17≤ 23.5
Frontend File Manager <= 23.5 - Missing Authorization
Medium 5.3
2026-02-19< 23.6
CVE-2026-25005
High 7.7
2026-01-07< 23.5
CVE-2025-14804
Medium 4.3
2025-11-25< 23.5
CVE-2025-13382
Medium 4.3
2025-11-13< 23.3
CVE-2025-64265
Medium 4.6 Unfixed
2025-07-04≤ 23.6
WordPress Frontend File Manager plugin <= 23.6 - Content Injection vulnerability
High 7.5
2025-07-25< 22.0
Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
Critical 9.8
2024-10-16< 4.0
CVE-2016-15042
Medium 5.3
2024-03-17< 22.8
CVE-2024-25903
Medium 6.5
2023-12-04< 22.7
CVE-2023-5105
N/A
< 21.4
Frontend File Manager < 21.4 - Arbitrary Settings Update via CSRF
N/A
< 2.0
N-Media File Uploader < 2.0 Arbitrary File Upload
N/A
< 3.8
N-Media File Uploader <= 3.7 - Arbitrary File Upload
N/A
0000-00-00< 3.8
CVE-2015-4693
N/A
< 4.0
Front end file upload and manager Plugin <= 3.9 - Arbitrary File Upload
High 8.8
2023-06-07< 18.3
CVE-2021-4368
Medium 5.3
2023-06-07< 18.3
CVE-2021-4369
Medium 5.3
2023-06-07< 18.3
CVE-2021-4351
Critical 9.8
2023-06-07< 18.3
CVE-2021-4356
Medium 6.1
2023-06-07< 18.3
CVE-2021-4365
Medium 5.3
2023-06-07< 18.3
CVE-2021-4359
Medium 5.4
2023-06-07< 18.3
CVE-2021-4344
Medium 5.3
2023-06-07< 18.3
CVE-2021-4350
N/A
2015-06-10< 3.8
Frontend File Manager <= 3.7 - Arbitrary File Upload
N/A
2016-07-16< 4.0
Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload
N/A
2021-07-12< 18.3
Frontend File Manager <= 18.2 - Unauthenticated Content Injection
N/A
2021-07-12< 18.3
Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload
N/A
2021-07-12< 18.3
Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting
N/A
2021-07-12< 18.3
Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion
N/A
2021-07-12< 18.3
Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download
N/A
2021-07-12< 18.3
Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change
N/A
2021-07-12< 18.3
Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails
N/A
2021-07-12< 18.3
Frontend File Manager <= 18.2 - Privilege Escalation
N/A
2022-09-06< 21.3
Frontend File Manager <= 21.3 - Cross-Site Request Forgery to Plugin Settings Update
N/A
2022-09-26< 21.4
WordPress Frontend File Manager plugin <= 21.3 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Medium 4.3
2022-10-17< 21.4
CVE-2022-3126
Medium 5.3
2022-10-03< 21.3
CVE-2022-3124
High 8.8
2022-10-03< 21.3
CVE-2022-3125
N/A
2015-06-11< 3.8
WordPress N-Media File Uploader Plugin <= 3.7 - Arbitrary File Upload
N/A
2015-06-11< 2.0
WordPress N-Media File Uploader Plugin <= 1.9 - Arbitrary File Upload
N/A
2016-09-19< 4.0
WordPress Front End File Upload And Manager Plugin <= 3.9 - Arbitrary File Upload
N/A
2021-07-12< 18.3
WordPress Frontend File Manager plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion vulnerability
N/A
2021-07-12< 18.3
WordPress Frontend File Manager plugin <= 18.2 - Unauthenticated Post Meta Change and Arbitrary File Download vulnerability
N/A
2021-07-12< 18.3
WordPress Frontend File Manager plugin <= 18.2 - Unauthenticated HTML Injection vulnerability
N/A
2021-07-12< 18.3
WordPress Frontend File Manager plugin <= 18.2 - Authenticated Settings Change and Arbitrary File Upload vulnerabilities
N/A
2021-07-12< 18.3
WordPress Frontend File Manager plugin <= 18.2 - Unauthenticated Content Injection and Stored XSS vulnerabilities
N/A
2021-07-12< 18.0
WordPress Frontend File Manager plugin <= 17.1 - Privilege Escalation vulnerability
N/A
2014-09-26< 3.6
CVE-2014-5324