CVE-2025-57921
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n-media | frontend_file_manager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authorization issue in the N-Media Frontend File Manager plugin for WordPress (up to version 23.2). It is caused by broken access control due to missing authorization, authentication, or nonce token checks in certain plugin functions. This allows unauthenticated users to perform actions that should require higher privileges, effectively bypassing security controls. It is classified under OWASP Top 10 category A1: Broken Access Control. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is that unauthenticated users can perform privileged actions within the Frontend File Manager plugin, potentially leading to unauthorized modifications or misuse of file management features. However, the severity is considered low with a CVSS score of 5.3, and it is unlikely to be widely exploited. There is no official patch yet, but virtual patching is available to mitigate the risk. If exploited, it could compromise the integrity of the affected website's file management. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized access attempts to the Frontend File Manager plugin functions that lack proper authorization checks. Since the vulnerability allows unauthenticated users to perform privileged actions, you can look for unusual HTTP requests targeting the plugin endpoints or functions related to file management. Specific commands are not provided in the available resources, but general approaches include inspecting web server logs for suspicious access patterns or using web application firewalls to detect exploit attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which automatically protects websites from this vulnerability without requiring an official patch. Additionally, it is recommended to seek professional incident response services or assistance from your hosting provider if you suspect compromise. Since no official fix is available yet, timely updates and monitoring are crucial to reduce risk. [1]