Volerion logoVolerion
Volerion logoVolerion

Frontend File Manager Plugin Missing Authorization Vulnerability in WordPress

Vulnerability

A vulnerability exists in the Frontend File Manager Plugin for WordPress, specifically in versions up to and including 23.5. The issue arises from a lack of proper capability checks on the 'wpfm_send_file_in_email' AJAX action, allowing unauthorized file sharing. This flaw enables unauthenticated attackers to send arbitrary uploaded files via email by providing a file ID. Since file IDs are sequential integers, attackers can easily enumerate all uploaded files on the site and extract sensitive information intended for administrators only.

Impact

Exploitation of this vulnerability allows for unauthorized file sharing via email, potentially leading to the exfiltration of sensitive data.

Reproduction

To reproduce this vulnerability, send a request to the 'wpfm_send_file_in_email' AJAX action without authentication. Include a file ID in the request. The absence of a capability check will allow the file to be sent via email, regardless of the user's authentication status.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.

Added: Jan 28, 2026, 12:23 PM
Updated: Jan 28, 2026, 12:23 PM

Vulnerability Rating

Custom Algorithm
spread
1.0
impact
2.5
exploitability
7.4
remediation
0.0
relevance
2.4
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.