CVE-2026-5337 | Frontend File Manager Plugin up to 23.6 on WordPress Download Endpoint wpfm_download file_id authorization

A vulnerability marked as problematic has been reported in Frontend File Manager Plugin up to 23.6 on WordPress. This impacts the function wpfm_download of the component Download Endpoint. The manipulation of the argument file_id leads to authorization bypass.

This vulnerability is referenced as CVE-2026-5337. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More