Cross site scripting

2023-06-0702:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

frontend editor

vulnerability

stored cross-site scripting

authenticated attackers

insufficient input sanitization

output escaping

0.001 Low

EPSS

Percentile

34.7%

JSON

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CPENameOperatorVersion
wp_quick_frontend_editorle5.5

CPE	Name	Operator	Version
	wp_quick_frontend_editor	le	5.5

References

blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/

www.wordfence.com/threat-intel/vulnerabilities/id/ed137706-1313-4bff-882b-13d9fa11498c?source=cve

0.001 Low

EPSS

Percentile

34.7%

JSON

Related for PRION:CVE-2021-4378