CVE-2026-0829

CVSS v3.1

5.8

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Frontend File Manager plugin versions through 23.5

Description The Frontend File Manager plugin allows unauthenticated users to send emails through the WordPress site without security checks. This enables attackers to utilize the site as an open relay for spam or phishing emails. Attackers can also attempt to guess file IDs to access and share uploaded files without authorization, potentially exposing sensitive information.

Recommendations Update the plugin to a version newer than 23.5. Remove the plugin if an update is not available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-0829

Affected Products

Frontend File Manager

CVE-2026-0829

Related Identifiers

Affected Products

References · 4