Lucene search

WordfenceCVELIST:CVE-2021-4371

HistoryJun 07, 2023 - 1:51 a.m.

CVE-2021-4371

2023-06-0701:51:41

Wordfence

www.cve.org

cve-2021-4371

wordpress

security vulnerability

nonce

capabilities check

low-authenticated attackers

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so.

CNA Affected

[
  {
    "vendor": "labibahmed42",
    "product": "WP Quick FrontEnd Editor – WordPress Plugin",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "5.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/

wordpress.org/plugins/wp-quick-front-end-editor/#developers

www.wordfence.com/threat-intel/vulnerabilities/id/c392750b-ae4a-48b5-9ccb-43852fb13e27?source=cve

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for CVELIST:CVE-2021-4371