CVE-2026-5337
Frontend File Manager Plugin IDOR Exposes User Files

Publication date: 2026-05-03

Last updated on: 2026-05-04

Assigner: WPScan

Description
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly validate the user's authorization for the requested uploaded file when processing download requests. By modifying the value of the 'file_id' parameter in the download endpoint (e.g., http://localhost/?do=wpfm_download&file_id=40&nm_file_nonce=a36fb893f1), an attacker can access files belonging to other users, including privileged users such as administrators. This allows unauthorized read access to sensitive data stored within the application.
Meta Information

  • Published: 2026-05-03
  • Last Modified: 2026-05-04
  • Generated: 2026-05-07
  • AI Q&A: 2026-05-03
  • EPSS Evaluated: 2026-05-05
Affected Vendors & Products

Showing 1 associated CPE:

  • Product: nmedia_user_file_uploader; Version / Range: 23.6 to 23.6 (inclusive)
CWE

  • CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-5337 is a vulnerability in the Frontend File Manager Plugin for WordPress (version 23.6 or below) that allows authenticated users with Subscriber-level access or higher to perform an Insecure Direct Object Reference (IDOR) attack.

The issue occurs because the plugin does not properly validate whether a user is authorized to access a requested uploaded file when processing download requests. By modifying the 'file_id' parameter in the download URL, an attacker can access files belonging to other users, including administrators.

This leads to unauthorized access and reading of sensitive data stored within the application.


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of sensitive data because attackers with low privileges can access files uploaded by other users, including privileged administrators.

Such unauthorized access can compromise confidentiality and potentially expose sensitive or confidential information stored within the application.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring and testing the download endpoint of the Frontend File Manager Plugin for missing authorization checks. Specifically, you can modify the 'file_id' parameter in the download URL and check whether files belonging to other users, including administrators, are served to an account that does not own them.

For example, you can use curl or a similar HTTP client to send requests with different 'file_id' values to the download endpoint and observe whether files the current user does not own are returned.

  • curl -i "http://localhost/?do=wpfm_download&file_id=40&nm_file_nonce=a36fb893f1"
  • Modify the 'file_id' parameter to other values (e.g., 41, 42, etc.) to test if files from other users can be accessed.

If files not belonging to the authenticated user are accessible, this indicates the presence of the IDOR vulnerability.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the download endpoint to trusted users only and monitoring for suspicious activity involving manipulation of the 'file_id' parameter.

Since no known fix is currently available, consider the following actions:

  • Limit plugin usage to trusted users with higher privileges only.
  • Implement additional access controls at the web server or application firewall level to block unauthorized attempts to access files via manipulated 'file_id' parameters.
  • Monitor logs for unusual download requests that include modified 'file_id' values.

Plan to update or patch the plugin once a fix becomes available.
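The detection and log-monitoring steps above both come down to spotting one client fetching many different 'file_id' values from the wpfm_download endpoint in a short time. The script below is an added example, not part of this record or of the plugin; it assumes web-server logs in the common combined format, uses constructed sample lines, and the thresholds (more than 3 distinct ids within 300 seconds) are illustrative assumptions to be tuned per site.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Combined log format (Apache/nginx); the query string lives inside the quoted request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: 203.0.113.7 walks file_id 40..44 within half a minute (44 does not exist),
# while 198.51.100.9 downloads a single file and then makes an unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/May/2026:10:00:01 +0000] "GET /?do=wpfm_download&file_id=40&nm_file_nonce=a36fb893f1 HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.7 - - [04/May/2026:10:00:09 +0000] "GET /?do=wpfm_download&file_id=41&nm_file_nonce=a36fb893f1 HTTP/1.1" 200 2048 "-" "curl/8.5.0"',
    '203.0.113.7 - - [04/May/2026:10:00:17 +0000] "GET /?do=wpfm_download&file_id=42&nm_file_nonce=a36fb893f1 HTTP/1.1" 200 9216 "-" "curl/8.5.0"',
    '203.0.113.7 - - [04/May/2026:10:00:25 +0000] "GET /?do=wpfm_download&file_id=43&nm_file_nonce=a36fb893f1 HTTP/1.1" 200 1024 "-" "curl/8.5.0"',
    '203.0.113.7 - - [04/May/2026:10:00:33 +0000] "GET /?do=wpfm_download&file_id=44&nm_file_nonce=a36fb893f1 HTTP/1.1" 404 512 "-" "curl/8.5.0"',
    '198.51.100.9 - - [04/May/2026:10:01:40 +0000] "GET /?do=wpfm_download&file_id=7&nm_file_nonce=5c1d0e2b9a HTTP/1.1" 200 3072 "https://shop.example/" "Mozilla/5.0"',
    '198.51.100.9 - - [04/May/2026:10:01:55 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]


def download_requests(lines):
    """Yield (ip, timestamp, file_id, status) for each request to the wpfm_download endpoint."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m["target"]).query)
        if qs.get("do") != ["wpfm_download"] or "file_id" not in qs:
            continue
        yield m["ip"], datetime.strptime(m["ts"], TS_FMT), qs["file_id"][0], int(m["status"])


def flag_enumeration(lines, max_distinct=3, window_seconds=300):
    """Return {ip: sorted file_ids} for clients that successfully (HTTP 200) fetched more than
    max_distinct different file_id values inside any window_seconds span. Only 200s count,
    because a served file is what turns probing into an actual disclosure."""
    by_ip = defaultdict(list)
    for ip, ts, fid, status in download_requests(lines):
        if status == 200:
            by_ip[ip].append((ts, fid))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()  # chronological, so each start index only needs to look forward
        for i, (start, _) in enumerate(events):
            ids = {fid for ts, fid in events[i:] if (ts - start).total_seconds() <= window_seconds}
            if len(ids) > max_distinct:
                flagged[ip] = sorted(ids)
                break
    return flagged
```

Run `flag_enumeration` over the real access log to get a per-client list of the ids that were served; that list is also what you need to check which users' files were actually exposed.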


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows unauthorized access to sensitive data stored within the application by exploiting an Insecure Direct Object Reference (IDOR) flaw. Such unauthorized disclosure of sensitive information can lead to non-compliance with data protection regulations like GDPR and HIPAA, which mandate strict controls over access to personal and sensitive data.

Specifically, the failure to properly validate user authorization and the resulting exposure of files belonging to other users, including privileged administrators, increases the risk of data breaches. This undermines the confidentiality and integrity requirements set forth by these standards.

