Vulnerabilities and security research for front-editor
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2024-2967
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- May 02, 2024
- Research Description
- The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- Affected versions
-
max 4.4.8.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2023-1982
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Aug 30, 2023
- Research Description
- The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
max 4.0.4.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # 709ab8180bce5cee4fb1c317bb7666ee58024366
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Feb 28, 2022
- Research Description
- Guest posting / Frontend Posting / Front Editor – WP Front User Submit [front-editor] < 3.4.1. WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin <= 3.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability. Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin (versions <= 3.4.0).
- Affected versions
-
max 3.4.1.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2022-4974
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 3.4.1.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-47617
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- May 07, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Stored XSS. This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6.
- Affected versions
-
max 5.0.6.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-52795
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jun 20, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6.
- Affected versions
-
max 5.0.6.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-28988
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jun 27, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS. This issue affects WP Front User Submit / Front Editor: from n/a through <= 4.9.3.
- Affected versions
-
max 4.9.4.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-12569
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Nov 24, 2025
- Research Description
- The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue.
- Affected versions
-
max 5.0.0.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-13419
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jan 07, 2026
- Research Description
- The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possible for unauthenticated attackers to delete arbitrary media attachments.
- Affected versions
-
max 5.0.1.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2026-1867
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Mar 11, 2026
- Research Description
- The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address.
- Affected versions
-
max 5.0.6.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2023-33999
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jun 11, 2026
- Research Description
- Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
- Affected versions
-
max 4.0.4.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # 6d8910c719b2a132ec93828cd37e418b19cac960
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Mar 04, 2022
- Research Description
- Guest posting / Frontend Posting / Front Editor – WP Front User Submit [front-editor] < 3.4.1. Freemius SDK <= 2.4.2 - Missing Authorization Checks. The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 3.4.1.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # 25a554c8edab92a663999b7fff7239c6e4c47741
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jun 12, 2023
- Research Description
- Guest posting / Frontend Posting / Front Editor – WP Front User Submit [front-editor] < 3.8.0. Front User Submit | Front Editor <= 3.7.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting. The Front User Submit | Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘formBuilderData’ parameter saved through the save_post_front_settings() function called via AJAX in versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 3.8.0.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # b769ec2edd62a940435cfca5de9fe85951045550
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Feb 28, 2022
- Research Description
- Guest posting / Frontend Posting / Front Editor – WP Front User Submit [front-editor] < 3.4.1. WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin <= 3.4.0 - Sensitive Information Disclosure vulnerability. Sensitive Information Disclosure vulnerability discovered in WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin (versions <= 3.4.0).
- Affected versions
-
max 3.4.1.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # e72f8a7922e4dddc62d7b6c3826258a9809f560a
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jun 27, 2023
- Research Description
- Guest posting / Frontend Posting / Front Editor – WP Front User Submit [front-editor] < 3.8.5. WordPress WP Front User Submit / Front Editor Plugin <= 3.8.4 is vulnerable to Cross Site Scripting (XSS). Update the WordPress WP Front User Submit / Front Editor plugin to the latest available version (at least 3.8.5). WordFence discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WP Front User Submit / Front Editor Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.8.5.
- Affected versions
-
max 3.8.5.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # 6af0f76dff7fd5061b09f63c8144653654028249
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jun 27, 2023
- Research Description
- Guest posting / Frontend Posting / Front Editor – WP Front User Submit [front-editor] < 3.8.5. Front User Submit | Front Editor <= 3.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting. The Front User Submit | Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via field labels in versions up to, and including, 3.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 3.8.5.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # 66bf9d8ddfa7afe2990fc5ef3c7e2c971384f52a
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jun 13, 2023
- Research Description
- Guest posting / Frontend Posting / Front Editor – WP Front User Submit [front-editor] < 3.8.0. WordPress WP Front User Submit / Front Editor Plugin < 3.8.0 is vulnerable to Cross Site Scripting (XSS). Update the WordPress WP Front User Submit / Front Editor plugin to the latest available version (at least 3.8.0). Unknown discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WP Front User Submit / Front Editor Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.8.0.
- Affected versions
-
max 3.8.0.
- Status
-
vulnerable