CVE-2026-0829
MEDIUM NUCLEIFrontend File Manager Plugin 23.5 - Info Disclosure
Title source: llmExploitation Summary
CVE-2026-0829 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access and share uploaded files without permission, exposing sensitive information.
Nuclei Templates (1)
Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending
HIGHVERIFIEDby 0x_Akoko
References (1)
Core 1
Core References
Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/57d62cea-cfb8-4421-a209-e64a015ad225/
Scores
CVSS v3
5.8
EPSS
0.0278
EPSS Percentile
86.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
None/Frontend File Manager Plugin
< 23.5
Unknown/Frontend File Manager Plugin
< 23.5
Published
Feb 17, 2026
Tracked Since
Feb 18, 2026