PT-2026-8399 · WordPress · Frontend File Manager
Published: 2026-02-17 · Updated: 2026-02-25
CVE-2026-0829
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Frontend File Manager plugin versions through 23.5
Description
The Frontend File Manager plugin allows unauthenticated users to send emails through the WordPress site without security checks. This lets attackers use the site as an open relay for spam or phishing emails. Attackers can also attempt to guess file IDs to access and share uploaded files without authorization, potentially exposing sensitive information.
Recommendations
Update the plugin to a version newer than 23.5.
Remove the plugin if an update is not available.
Exploit
Fix
Weakness Enumeration
Missing Authorization
Related Identifiers
Affected Products
Frontend File Manager