CVE-2026-0829

MEDIUM 5.8

Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

CVSS Score

5.8

EPSS Score

2.5%

EPSS Percentile

85th

The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and share uploaded files without permission, exposing sensitive information.

Vendor	unknown
Product	frontend file manager plugin
Published	Feb 17, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown frontend file manager plugin

Be the first to know when new medium vulnerabilities affecting unknown frontend file manager plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Frontend File Manager Plugin

0 ≤ 23.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/57d62cea-cfb8-4421-a209-e64a015ad225/

Credits

yiğit ibrahim sağlam WPScan