CVE-2025-57921: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-57921) was discovered in N-Media Frontend File Manager plugin version 23.2 and earlier. The vulnerability was disclosed on September 22, 2025, affecting the access control security levels in the WordPress plugin (NVD, Patchstack).

The vulnerability is classified as a Broken Access Control issue with a CVSS v3.1 Base Score of 5.3 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The security flaw is categorized under CWE-862 (Missing Authorization) and relates to incorrectly configured access control security levels that could allow unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability has a low to medium severity impact, potentially allowing unauthorized users to perform actions that should be restricted to privileged users. The security issue primarily affects the integrity of the system, though the specific impact is considered relatively low according to the CVSS scoring (Patchstack).

As of the disclosure date, no official fix has been made available for this vulnerability. The issue affects versions up to and including 23.2 of the Frontend File Manager plugin (Patchstack).