CVE-2026-1296

MEDIUM NUCLEI

Frontend Post Submission Manager Lite <=1.2.7 - Open Redirect

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-1296. PoCs published by Sechunt3r. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2026-1296, an unauthenticated open redirect vulnerability in the Frontend Post Submission Manager Lite WordPress plugin. The exploit demonstrates how an attacker can redirect users to malicious sites via the 'requested_page' POST parameter.

Description

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_password function. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as clicking on a link.

Exploits (1)

github WORKING POC
by Sechunt3r · shellpoc
https://github.com/Sechunt3r/CVE-POCs/tree/main/CVE-2026-1296

This repository contains a functional exploit PoC for CVE-2026-1296, an unauthenticated open redirect vulnerability in the Frontend Post Submission Manager Lite WordPress plugin. The exploit demonstrates how an attacker can redirect users to malicious sites via the 'requested_page' POST parameter.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Frontend Post Submission Manager Lite <= 1.2.7
No auth needed
Prerequisites: WordPress site with vulnerable plugin installed
devstral-2 · analyzed Mar 16, 2026 Full analysis →

Nuclei Templates (1)

Frontend Post Submission Manager Lite <= 1.2.7 - Open Redirect
MEDIUMVERIFIEDby Shivam Kamboj

References (4)

Core 4

Scores

CVSS v3 6.1
EPSS 0.0031
EPSS Percentile 54.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-601
Status published
Products (1)
wpshuffle/Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin 1.0.0 - 1.2.7
Published Feb 18, 2026
Tracked Since Feb 18, 2026