A vulnerability classified as problematic was found in nmedia Frontend File Manager Plugin up to 23.6 on WordPress. Impacted is the function sanitize_key of the file wp-config.php of the component AJAX Handler . Executing a manipulation of the argument wpfm_dir_path can lead to file inclusion. This vulnerability is registered as CVE-2026-8095 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.