Cross-Site Scripting Vulnerability in Frontend File Manager by mndpsingh287
CVE-2025-27358

4.6 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 4 July 2025

What is CVE-2025-27358?

The Frontend File Manager plugin by mndpsingh287 does not properly neutralize script-related HTML tags in the web pages it generates, which leads to a potential code injection vulnerability. Malicious actors can exploit this to execute arbitrary scripts in the context of the affected user’s browser, potentially compromising sensitive information or user accounts. The issue affects all versions up to and including 23.2, which underlines the importance of updating to a secure version.

Affected Version(s)

Frontend File Manager <= 23.2

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PARK_Gyun_Deuk (Patchstack Alliance)