Tag
CVE-2026-8380 is a critical authorization bypass vulnerability in the WordPress Frontend File Manager plugin <= 23.6 that allows authenticated low-privilege users, or unauthenticated users with guest uploads enabled, to permanently delete arbitrary WordPress posts, pages, attachments, and custom post types.