CVE-2025-57921
WordPress Frontend File Manager Plugin <= 23.2 - Broken Access Control VulnerabilityMissing Authorization vulnerability in N-Media Frontend File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through 23.2.
We have discovered 15 live websites that are affected by CVE-2025-57921.
Affected Software
| Product |  Nmedia User File Uploader |
| Category | Wordpress Plugins |
| Vulnerable Domains | 15 live websites (100% of Nmedia User File Uploader install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Sep 22, 2025
- Updated - Sep 23, 2025
Credits
- Hiro (Code016Hiro) (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-57921 United States | 6 websites |
 Italy | 2 websites |
 Russia | 2 websites |
 Australia | 1 websites |
 Colombia | 1 websites |
 Greece | 1 websites |
 Netherlands | 1 websites |
 Vietnam | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-57921| .com | 5 websites |
| .it | 2 websites |
| .com.au | 1 websites |
| .nl | 1 websites |
| .org | 1 websites |
| .ru | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-57921
Top websites that are affected by CVE-2025-57921. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.org | United States | *,***,*** | |
| *************.com | United States | *,***,*** | |
| *****.ru | Russia | **,***,*** | |
| ***********.com | United States | **,***,*** | |
| ********.biz | Russia | **,***,*** | |
| ****************.com | United States | **,***,*** | |
| *************.nl | Netherlands | **,***,*** | |
| ***********.***.vn | Vietnam | **,***,*** | |
| **************.com | United States | **,***,*** | |
| ************.com | United States | **,***,*** |
FAQ
CVE-2025-57921 is Missing Authorization in Nmedia User File Uploader
A total of 15 websites have been identified as vulnerable to CVE-2025-57921, based on global website indexing conducted by WebTechSurvey.
The Nmedia User File Uploader is affected by the CVE-2025-57921 vulnerability.
Nmedia User File Uploader versions up to and including 23.2 are vulnerable to CVE-2025-57921.