cleantalk
Vulnerabilities and Security Researches

Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor, CVE-2023-1982

CVE, Research URL

CVE-2023-1982

Home page URL

Security reports for Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor

Application

Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor

Published on
Aug 30, 2023
Research Description
The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
Min -, max 4.0.4.
Status
vulnerable
Previous vulnerability researches
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor (CVE-2022-4974) , Nov 16, 2024
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor (CVE-2024-2967) , Jun 06, 2024
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor (CVE-2023-1982) , Jun 06, 2024
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor (709ab8180bce5cee4fb1c317bb7666ee58024366) , Jun 06, 2024
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor (CVE-2025-47617) , May 09, 2025
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025