Vulnerabilities and security researches forfront-editor front-editor

Jun 06, 2024

CVE, Research URL: CVE-2024-2967
Home page URL: Security reports for Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Application: Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Date: May 02, 2024
Research Description: The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-1982
Home page URL: Security reports for Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Application: Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Date: Aug 30, 2023
Research Description: The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 709ab8180bce5cee4fb1c317bb7666ee58024366
Home page URL: Security reports for Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Application: Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Date: Feb 28, 2022
Research Description: Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor [front-editor] < 4.0.4 WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin <= 3.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin (versions <= 3.4.0).
Affected versions: Min -, max -.
Status: vulnerable

Nov 16, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Application: Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47617
Home page URL: Security reports for Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Application: Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Date: May 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Stored XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3.
Affected versions: Min -, max -.
Status: vulnerable