26 matches found
EUVD-2026-12202
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draftpost function in all versions up to, and including, 4.2.8. This makes it...
EUVD-2026-11085
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...
CVE-2026-1867
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...
EUVD-2026-11086
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...
CVE-2026-1867
The CVE concerns the WordPress plugin Guest posting / Frontend Posting / Front Editor, vulnerable before version 5.0.6. An unauthenticated attacker can trigger export of all form data/settings (including the administrator’s email) by passing a URL parameter to regenerate a .json file derived from...
CVE-2026-1867
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...
CVE-2026-1867 WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...
WordPress plugin Guest posting / Frontend Posting / Front Editor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
CVE-2025-13419
The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possibl...
CVE-2025-13419 Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion
The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possibl...
CVE-2025-13419
CVE-2025-13419 affects the WordPress plugin Guest posting / Frontend Posting / Front Editor – WP Front User Submit. The issue is a missing capability check on the /wp-json/bfe/v1/revert REST endpoint, present in all versions up to 5.0.0, allowing unauthenticated attackers to delete arbitrary medi...
WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability
WordPress Guest posting / Frontend Posting / Front Editor - WP Front User Submit plugin = 5.0.0 - Missing Authorization to Unauthenticated Media Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin WP Front User Submit / Front Editor versio...
WordPress plugin Frontend Post Submission Manager Lite – Frontend Posting 安全漏洞
...
CVE-2025-14913 Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...
CVE-2025-12569
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
EUVD-2025-198620
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2025-12569
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2025-12569 WP Front User Submit < 5.0.0 - Open Redirect
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2025-12569 WP Front User Submit < 5.0.0 - Open Redirect
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
WordPress plugin Guest posting / Frontend Posting / Front Editor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...