CVE-2026-8095
WordPress · Frontend File Manager Plugin
The WordPress Frontend File Manager Plugin is susceptible to an authenticated arbitrary file deletion vulnerability in versions up to and including 23.
Executive summary
An authenticated arbitrary file deletion vulnerability in the WordPress Frontend File Manager Plugin could allow an attacker to disrupt service or cause data loss by removing critical files.
Vulnerability
This is an authenticated vulnerability, meaning the attacker must first possess a valid user account on the WordPress instance. Once authenticated, the attacker can leverage the plugin's file management functions to delete arbitrary files from the server's filesystem.
Business impact
This vulnerability allows for the deletion of critical system or application files, which could lead to site instability, denial of service, or the removal of security-sensitive configuration files. The CVSS score of 8.1 (high severity) reflects the potential for significant operational disruption and the ease with which an attacker can cause permanent damage to the web environment.
Remediation
Immediate Action: Update the Frontend File Manager Plugin to the latest patched version.
Proactive Monitoring: Review WordPress user account activities and audit file modification logs for unauthorized deletion events.
Compensating Controls: If a patch is unavailable, disable the plugin entirely and implement a Web Application Firewall (WAF) to block suspicious requests targeting file management endpoints.
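To support the update step above, this added example (not code from the plugin or from this advisory's publisher) walks a WordPress plugins directory and flags installs whose header version falls in the affected range, up to and including 23. It assumes the plugin can be recognized by "Frontend File Manager" in its Plugin Name header and that versions are dotted numbers; the directory path is supplied by the operator.

```python
import re
import sys
from pathlib import Path

# Assumptions (not taken from the plugin's code): the plugin is identified by
# this string in its "Plugin Name" header; versions are dotted numbers.
PLUGIN_NAME = "frontend file manager"
LAST_AFFECTED = (23,)  # advisory: versions up to and including 23
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+)$", re.M | re.I)


def parse_version(text):
    """Turn '22.7' into (22, 7); '23.0' normalizes to (23,); '' or 'beta' to ()."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # so 23.0 compares equal to 23
    return tuple(parts)


def read_headers(php_file):
    """Read plugin header fields; WordPress itself only scans the first 8 KB."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    headers = {}
    for key, value in HEADER.findall(head):
        headers.setdefault(key.lower(), value.strip())  # first occurrence wins
    return headers


def audit(plugins_dir):
    """Return (folder, raw_version, status) for each matching installed plugin."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        headers = read_headers(php_file)
        if PLUGIN_NAME not in headers.get("plugin name", "").lower():
            continue
        raw = headers.get("version", "")
        version = parse_version(raw)
        status = ("unknown" if not version else
                  "affected" if version <= LAST_AFFECTED else "outside affected range")
        findings.append((php_file.parent.name, raw, status))
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    for row in audit(sys.argv[1]):  # e.g. the site's wp-content/plugins path
        print(*row, sep="\t")
```

An "unknown" result means the version header could not be parsed and the install should be checked by hand.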
Exploitation status
Public Exploit Available: false
Analyst recommendation
Administrators should treat this vulnerability with urgency, especially if the site allows user registration. Removing the plugin if it is not strictly required is the safest course of action until a verified update is applied.