A vulnerability was found in Frontend File Manager Plugin up to 23.6 on WordPress. It has been rated as problematic . This affects an unknown part of the component file-rename Endpoint . The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-8378 . It is possible to initiate the attack remotely. There is no exploit available.