What is CVE-2026-8379?

CVE-2026-8379 is a high-severity vulnerability in Frontend File Manager Plugin, classified under CWE-639 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY. CVSS score: 7.5/10. Published 2026-06-23.

How severe is CVE-2026-8379?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Frontend File Manager Plugin

CVE-2026-8379

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Mana…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Unknown Frontend File Manager Plugin — versions 0

References

contact@wpscan.com (technical-description, exploit, vdb-entry)

Frequently asked questions

What is CVE-2026-8379?: CVE-2026-8379 is a high-severity vulnerability in Frontend File Manager Plugin, classified under CWE-639 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY. CVSS score: 7.5/10. Published 2026-06-23.
How severe is CVE-2026-8379?: High severity. CVSS v3 base score is 7.5 out of 10.