CVE-2025-14804

Summary

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server

Affected Software

VendorProductVersion RangeStatus
UnknownFrontend File Manager Plugin0 < 23.5affected

Weaknesses

  • CWE-73 External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References