CVE-2023-7306
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-07-25
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | frontend_file_manager_plugin | * |
| wordpress | nmedia_user_file_uploader | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Frontend File Manager Plugin for WordPress (CVE-2023-7306) is due to a missing capability check and disabled nonce verification in the wpfm_delete_multiple_files() function. This allows unauthenticated attackers to send AJAX requests to delete arbitrary files or directories managed by the plugin without proper authorization. The plugin handles files as custom post types and supports recursive deletion of directories. Because the security check (nonce verification) is commented out, attackers can bypass access controls and delete files or posts arbitrarily. [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized deletion of files or directories managed by the plugin, resulting in loss of data. Attackers can delete arbitrary posts or files without authentication, potentially causing denial of service by removing critical content or user data. This compromises data integrity and availability on the affected WordPress site. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized AJAX requests targeting the file deletion endpoint of the Frontend File Manager Plugin, specifically calls to the wpfm_delete_multiple_files() function without proper nonce verification. You can look for suspicious POST requests to the plugin's AJAX handler that attempt to delete multiple files or directories. For example, using command-line tools like curl or network monitoring tools, you can check for POST requests containing parameters related to file IDs being deleted without valid nonce tokens. A sample command to test might be:
`curl -X POST -d "action=wpfm_delete_multiple_files&file_ids[]=123&file_ids[]=124" https://yourwordpresssite.com/wp-admin/admin-ajax.php`
If this request succeeds without authentication or nonce verification, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Frontend File Manager Plugin to a version where the nonce verification in the wpfm_delete_multiple_files() function is properly enforced. If an update is not yet available, manually re-enable nonce verification by uncommenting and ensuring the wp_verify_nonce() check is active in the deletion function to prevent unauthorized AJAX requests. Additionally, restrict access to the plugin's AJAX endpoints to authenticated users only, and monitor logs for suspicious deletion attempts. As a temporary measure, consider disabling the plugin until a fix is applied. [1]
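As an added illustration of the two controls the answer above names (an active nonce check and a capability check), here is a hardened WordPress AJAX delete handler; this is example code, not the Frontend File Manager Plugin's own code, and the hook name, nonce action, post type and every `example_` identifier are assumptions.

```php
<?php
// Illustrative hardened AJAX delete handler (added example, not the plugin's code).
// Hook name, nonce action, post type 'example_file' and function names are assumptions.

// Register ONLY the authenticated hook. Omitting 'wp_ajax_nopriv_...' means
// unauthenticated visitors never reach this handler at all.
add_action( 'wp_ajax_example_delete_multiple_files', 'example_delete_multiple_files' );

function example_delete_multiple_files() {
    // 1. Nonce verification: rejects forged cross-site requests.
    //    check_ajax_referer() terminates the request (wp_die) when the nonce is invalid.
    check_ajax_referer( 'example_delete_files', 'nonce' );

    // 2. Capability check: the hook alone only proves "logged in", not "allowed to delete".
    if ( ! current_user_can( 'delete_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input validation: coerce submitted IDs to positive integers and drop anything else.
    $ids = isset( $_POST['file_ids'] ) ? array_map( 'absint', (array) wp_unslash( $_POST['file_ids'] ) ) : array();
    $ids = array_filter( $ids );
    if ( empty( $ids ) ) {
        wp_send_json_error( array( 'message' => 'No file IDs supplied.' ), 400 );
    }

    $deleted = array();
    foreach ( $ids as $id ) {
        $post = get_post( $id );
        // 4. Object-level authorization: the post must be this plugin's file type AND the
        //    caller must be allowed to delete this specific post (author or privileged role).
        if ( ! $post || 'example_file' !== $post->post_type || ! current_user_can( 'delete_post', $id ) ) {
            continue;
        }
        if ( wp_delete_post( $id, true ) ) {
            $deleted[] = $id;
        }
    }

    wp_send_json_success( array( 'deleted' => $deleted ) );
}

// Nonce the front end must include as the 'nonce' POST field; generate it server-side
// when rendering the page, never hard-code it.
function example_delete_files_nonce() {
    return wp_create_nonce( 'example_delete_files' );
}
```

When applied, the sample curl request in the detection answer above fails at the nonce check (no `nonce` field) and, even with a valid nonce, cannot delete posts the caller does not own.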