Vulnerabilities and security researches forfront-editor front-editor
Direction: descendingGuest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-13419
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jan 07, 2026
- Research Description
- The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possible for unauthenticated attackers to delete arbitrary media attachments.
- Affected versions
-
max 5.0.1.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-12569
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Nov 24, 2025
- Research Description
- The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
- Affected versions
-
max 5.0.0.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-28988
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jun 27, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Reflected XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3.
- Affected versions
-
max 4.9.4.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-52795
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Jun 20, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.4.
- Affected versions
-
max 4.9.4.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2025-47617
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- May 07, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Stored XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3.
- Affected versions
-
max 4.9.3.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2022-4974
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 3.4.1.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2024-2967
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- May 02, 2024
- Research Description
- The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- Affected versions
-
max 4.4.8.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # CVE-2023-1982
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Aug 30, 2023
- Research Description
- The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
- Affected versions
-
max 4.0.4.
- Status
-
vulnerable
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor # 709ab8180bce5cee4fb1c317bb7666ee58024366
- CVE, Research URL
- Home page URL
- Application
-
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
- Date
- Feb 28, 2022
- Research Description
- Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor [front-editor] < 4.0.4 WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin <= 3.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin (versions <= 3.4.0).
- Affected versions
-
max 4.0.4.
- Status
-
vulnerable