WordPress Frontend File Manager Content Injection Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability allowing code injection has been identified in the WordPress Frontend File Manager plugin, affecting versions through 23.2. This vulnerability arises from improper handling of script-related HTML tags, which could enable malicious actors to inject content into website pages and posts, potentially including phishing materials.

Impact

Exploitation of this vulnerability could lead to unauthorized content injection, allowing attackers to manipulate website pages and posts. This could be used to insert phishing pages or other malicious content, misleading users or causing reputational damage.

Added: Jul 4, 2025, 9:47 AM

Updated: Jul 4, 2025, 9:47 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Frontend File Manager Content Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating