Vulnerability Brief
CVE-2026-8378
What this means for your business
If a security vulnerability is found in the WordPress plugin you're using, a malicious user could potentially take control of your website's admin panel, allowing them to make unauthorized changes or even steal sensitive information. This could lead to a loss of trust with your customers and damage to your business's reputation. It's essential to address this vulnerability promptly to prevent any potential harm.
- Severity: MEDIUM
- CVSS score: 5.4
Technical summary
The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability exploitable by users with Subscriber-level access and above against an administrator viewing the file management interface.