CVE-2025-13382 | Frontend File Manager Plugin up to 23.4 on WordPress REST API Endpoint /wpfm/v1/file-rename fileid resource injection

A vulnerability classified as problematic has been found in Frontend File Manager Plugin up to 23.4 on WordPress. Affected by this vulnerability is an unknown functionality of the file /wpfm/v1/file-rename of the component REST API Endpoint. Performing manipulation of the argument fileid results in improper control of resource identifiers.

This vulnerability is known as CVE-2025-13382. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More