WordPress Frontend File Manager Plugin Allows Unauthenticated Email Spam

CVE-2026-0829
Summary

Versions of the Frontend File Manager Plugin for WordPress through 23.5 let unauthenticated attackers send emails through the site, which makes it usable as a relay for spam or phishing, and access uploaded files without permission. File access depends only on the file ID, which an attacker can guess. To fix this, update the plugin to the latest version.

Original title
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site a...
Original description
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and share uploaded files without permission, exposing sensitive information.
NVD CVSS 3.1 score: 5.8
Vulnerability type
CWE-862 Missing Authorization
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026