CVE-2026-0829 | THREATINT

Description

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and share uploaded files without permission, exposing sensitive information.

PUBLISHED Reserved 2026-01-09 | Published 2026-02-17 | Updated 2026-02-17 | Assigner WPScan

Problem types

CWE-862 Missing Authorization

Product status

Default status

affected

Any version

affected

Credits

yiğit ibrahim sağlam finder

WPScan coordinator

References

wpscan.com/...rability/57d62cea-cfb8-4421-a209-e64a015ad225/ exploit vdb-entry technical-description

cve.org (CVE-2026-0829)

nvd.nist.gov (CVE-2026-0829)

Download JSON