The Frontend File Manager Plugin for WordPress can be at risk of losing data without proper authorization. This is because the function wpfm_delete_multiple_files() does not have a capability check, leaving versions up to and including 21.5 vulnerable. This means that anyone without proper authentication can delete any post they want.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
