PT-2026-8399 · WordPress · Frontend File Manager

Publicado

2026-02-17

Atualizado

2026-02-25

CVE-2026-0829

CVSS v3.1

5.8

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Frontend File Manager plugin versions through 23.5

Description The Frontend File Manager plugin allows unauthenticated users to send emails through the WordPress site without security checks. This enables attackers to utilize the site as an open relay for spam or phishing emails. Attackers can also attempt to guess file IDs to access and share uploaded files without authorization, potentially exposing sensitive information.

Recommendations Update the plugin to a version newer than 23.5. Remove the plugin if an update is not available.

Exploit

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2026-0829

Produtos afetados

Frontend File Manager

PT-2026-8399 · WordPress · Frontend File Manager

CVE-2026-0829

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6