The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user by iterating identifiers.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
The Frontend File Manager Plugin for WordPress through version 23.6 contains a critical authentication bypass vulnerability in its file download handler. The plugin fails to properly validate nonce tokens, which are WordPress's standard CSRF protection mechanism, allowing unauthenticated attackers to download any files uploaded by legitimate users. This vulnerability is particularly dangerous because attackers can enumerate file identifiers to systematically extract sensitive documents, user data, or configuration files that users intended to share only within authenticated contexts. WordPress site administrators and users who rely on this plugin for file management are directly at risk, as their uploaded files become accessible to the broader internet without proper authorization controls.
Casky practitioners leveraging Claude AI's extended reasoning would identify attack patterns associated with unauthorized access and data exfiltration, mapping to MITRE ATT&CK techniques like T1566 (Phishing), T1040 (Traffic Sniffing), and T1005 (Data from Local System). While this specific CVE currently lacks formal technique mappings, a security team using Casky's 754 mapped skills would detect suspicious patterns including: repeated HTTP requests to file download endpoints with varying identifiers, absence of valid session tokens in request headers, and successful retrieval of files without proper authentication logs. Practitioners would see findings highlighting unauthenticated access attempts, enumeration patterns, and unauthorized data access—enabling them to prioritize patching and implement compensating controls like Web Application Firewalls to block suspicious download requests before CVE-2026-8379 can be exploited at scale.
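The enumeration pattern described above (repeated successful requests to the download endpoint with varying identifiers) can be checked against web server access logs. The following is an added example, not Casky's or the plugin's code; the endpoint path, parameter name, thresholds and log lines are assumptions or constructed samples.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Placeholders, not taken from the advisory: set these to the download
# endpoint path and identifier parameter your own access logs show.
DOWNLOAD_PATH = "/example-download-handler"
ID_PARAM = "file_id"
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, time, file id, status) for a download request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["url"])
    ids = parse_qs(url.query).get(ID_PARAM)
    if url.path != DOWNLOAD_PATH or not ids or not ids[0].isdigit():
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, int(ids[0]), int(m["status"])

def find_enumeration(lines, min_ids=5, window=timedelta(minutes=5)):
    """Map client IP -> distinct ids fetched (HTTP 200) within one window, if >= min_ids."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec[3] == 200:
            hits[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window start forward
            ids = {fid for _, fid in events[start:end + 1]}
            if len(ids) >= min_ids and len(ids) > len(flagged.get(ip, ())):
                flagged[ip] = sorted(ids)
    return flagged

# Constructed combined-format log lines for illustration, not real traffic.
def sample_line(ip, hms, fid, status=200):
    return (f'{ip} - - [01/Jan/2026:{hms} +0000] "GET {DOWNLOAD_PATH}'
            f'?{ID_PARAM}={fid} HTTP/1.1" {status} 512 "-" "-"')
SAMPLE_LOG = [sample_line("203.0.113.7", f"10:00:{s:02d}", 101 + s) for s in range(6)]
SAMPLE_LOG += [sample_line("198.51.100.4", "09:00:00", 55),
               sample_line("192.0.2.9", "10:00:00", 1, status=403)]
```

Standard combined-format logs do not record cookies, so the missing-session-token signal mentioned above needs a log format that captures it; this check relies only on request rate and identifier variety.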
© 2026 Casky.AI, Inc. · AI Security Investigation