Lucene search

WordfenceCVELIST:CVE-2021-4383

HistoryJun 07, 2023 - 1:51 a.m.

CVE-2021-4383

2023-06-0701:51:52

Wordfence

www.cve.org

wordpress

frontend editor

vulnerability

content injection

capability checks

blog

attackers

subscribers

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin’s page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog.

CNA Affected

[
  {
    "vendor": "labibahmed42",
    "product": "WP Quick FrontEnd Editor – WordPress Plugin",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "5.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/

wordpress.org/plugins/wp-quick-front-end-editor/#developers

www.wordfence.com/threat-intel/vulnerabilities/id/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=cve

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for CVELIST:CVE-2021-4383