CVE-2026-1280

WordPress · WordPress Frontend File Manager Plugin

A high-severity vulnerability has been identified in the Frontend File Manager Plugin for WordPress, which could allow an unauthorized attacker to access and share sensitive files from the web server.

Executive summary

A high-severity vulnerability has been identified in the Frontend File Manager Plugin for WordPress, which could allow an unauthorized attacker to access and share sensitive files from the web server. Successful exploitation could lead to the exposure of confidential data, such as configuration files, user information, or proprietary business data. Organizations are urged to update the affected plugin immediately to prevent potential data breaches.

Vulnerability

The vulnerability exists due to a missing capability check on the wpfm_send_file_in_email AJAX function. This function is intended to allow authorized users to email files from the server. However, because the necessary security checks are absent, any unauthenticated user can craft a request to the server's AJAX endpoint, specify an arbitrary file path on the server, and provide an email address. The server will then execute this request and email the specified file to the attacker's chosen address, resulting in unauthorized information disclosure.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could have a significant negative impact on the business by enabling data exfiltration. An attacker could steal critical files such as wp-config.php (containing database credentials), customer data, intellectual property, or other sensitive documents stored on the web server. The consequences of such a data breach include reputational damage, financial loss, regulatory fines for non-compliance with data protection laws (e.g., GDPR, CCPA), and the potential for attackers to use leaked credentials to escalate their privileges and achieve further system compromise.

Remediation

Immediate Action:

  • Immediately update the Frontend File Manager Plugin to the latest version available (greater than version 23) where the vulnerability has been patched.
  • If the plugin is not essential for business operations, consider deactivating and removing it entirely to eliminate the attack surface.
  • Review WordPress security settings to ensure user roles and permissions are configured according to the principle of least privilege.

Proactive Monitoring:

  • Monitor web server access logs for an unusual volume of POST requests to /wp-admin/admin-ajax.php with the parameter action=wpfm_send_file_in_email, especially from clients that have no authenticated WordPress session.
  • Review outbound mail server logs for unexpected emails originating from the web server, which could indicate that files are being exfiltrated.
  • Utilize a Web Application Firewall (WAF) to detect and block malicious requests attempting to exploit this specific AJAX action.

Compensating Controls:

  • If immediate patching is not feasible, implement a custom WAF rule to block any request containing the action=wpfm_send_file_in_email parameter.
  • Temporarily disable the plugin until a patch can be applied.
  • Enforce strict file system permissions to limit the web server user's read access to only necessary directories, reducing the scope of potential data exposure.
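The following Python helper is an added example for the monitoring and compensating-control items above; it is not part of the original advisory and not the plugin's own code. It assumes access logs in the Apache/nginx common log format, where only the request line is recorded, so the action parameter is visible to the log scan only when it travels in the query string (a parameter sent in the POST body is only visible to a WAF or application-level logging, which the second function models). The log lines are constructed for the example; the IP addresses are documentation ranges.

```python
"""Triage helper for the wpfm_send_file_in_email AJAX action.

Added example, not the plugin's or the advisory author's code.
Assumptions (labelled):
  - Log lines follow the common log format, so only the request line is seen.
  - SAMPLE_LOG below is constructed; the hosts are documentation addresses.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

SUSPECT_ACTION = "wpfm_send_file_in_email"   # AJAX action named in the advisory
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Common Log Format: host ident user [time] "METHOD target protocol" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if unrecognised."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # Query-string parameters only: a POST body is not in the access log.
    rec["params"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return rec


def is_suspect_request(path, query_params, body_params=None):
    """Compensating-control rule from the advisory: flag any request to the
    AJAX endpoint that names the vulnerable action, whether the parameter is
    in the query string or (as a WAF would see it) in the POST body.  The
    method is deliberately not consulted so a GET variant is caught too."""
    if path != AJAX_PATH:
        return False
    action = query_params.get("action")
    if action is None and body_params:
        action = body_params.get("action")
    return action == SUSPECT_ACTION


def scan_access_log(lines, threshold=3):
    """Count matching requests per source IP and return those at or above
    the threshold, implementing the 'unusual volume' indicator."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and is_suspect_request(rec["path"], rec["params"]):
            hits[rec["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


# Constructed sample: three hits from one host, one from another, plus noise.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2026:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=wpfm_send_file_in_email HTTP/1.1" 200 57 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2026:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=wpfm_send_file_in_email HTTP/1.1" 200 57 "-" "curl/8.0"',
    '198.51.100.2 - - [10/Jan/2026:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 41 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2026:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=wpfm_send_file_in_email HTTP/1.1" 200 57 "-" "curl/8.0"',
    '198.51.100.2 - - [10/Jan/2026:10:00:05 +0000] "POST /wp-admin/admin-ajax.php?action=wpfm_send_file_in_email HTTP/1.1" 200 57 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2026:10:00:06 +0000] "GET /wp-login.php HTTP/1.1" 200 1203 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in scan_access_log(SAMPLE_LOG).items():
        print(f"{ip}: {count} requests naming {SUSPECT_ACTION}")
```

Because the access log cannot show body parameters, a low hit count from this scan is not evidence that the endpoint was not reached; the outbound mail log review above remains the more reliable indicator when the action is posted in the request body.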

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 7.5) and the direct risk of sensitive data exfiltration, immediate action is strongly recommended. Organizations must prioritize updating the affected Frontend File Manager plugin to the latest patched version. Although this vulnerability is not currently listed on the CISA KEV list, its ease of exploitation makes it an attractive target for attackers. If patching cannot be performed immediately, compensating controls such as deploying a WAF rule or disabling the plugin should be implemented as a matter of urgency to mitigate the risk of a data breach.