30 matches found
CVE-2026-1867
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...
CVE-2026-1867
The CVE concerns the WordPress plugin Guest posting / Frontend Posting / Front Editor, vulnerable before version 5.0.6. An unauthenticated attacker can trigger export of all form data/settings (including the administrator’s email) by passing a URL parameter to regenerate a .json file derived from...
WordPress plugin Guest posting / Frontend Posting / Front Editor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
PT-2026-24585
🚨 CVE-2026-1867 The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting...
CVE-2025-14080 Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...
CVE-2025-14080
CVE-2025-14080 concerns the WordPress plugin Frontend Post Submission Manager Lite. The vulnerability is due to missing authorization on the fpsml_form_process AJAX action, allowing unauthenticated attackers to modify arbitrary posts by supplying a post_id via the guest posting form. Reported imp...
CVE-2025-12569
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
EUVD-2025-198620
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2025-12569
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2025-12569
The CVE-2025-12569 entry corresponds to an Open Redirect in the WordPress plugin Front User Submit / Front Editor (WP Front User Submit). Affected versions are prior to 5.0.0 (per the CVE) and, per Patchstack,
CVE-2025-12569 WP Front User Submit < 5.0.0 - Open Redirect
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2025-12569 WP Front User Submit < 5.0.0 - Open Redirect
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
WordPress plugin Guest posting / Frontend Posting / Front Editor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-47885
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2012-5318
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the directory specified...
WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin <= 3.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin versions = 3.4.0. Solution Update the WordPress Guest posting / Frontend Posting wordpress plugin – WP Fro...
WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin <= 3.4.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin versions = 3.4.0. Solution Update the WordPress Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front...
Wordpress Kish Guest Posting Plugin 1.0 - Arbitrary File Upload
No description provided by source. ?php / -------------------------------------------------------------------------------- Wordpress Kish Guest Posting Plugin 1.0 uploadify.php Unrestricted File Upload --------------------------------------------------------------------------------...
CVE-2012-1125
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory...
Unrestricted file upload
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory...