Missing Authorization Vulnerability in N-Media Frontend File Manager
CVE-2025-64265

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Frontend File Manager
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-64265?

The N-Media Frontend File Manager suffers from a missing authorization vulnerability that allows attackers to exploit incorrectly configured access control security levels. This flaw enables unauthorized access to sensitive functions, potentially leading to the exposure of confidential files. Users of versions from n/a to 23.2 should be aware of this issue and take necessary precautions to secure their installations.

Affected Version(s)

Frontend File Manager <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/nmed...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Oct 29, 2025

Credit

Legion Hunter | Patchstack Bug Bounty Program

JSON