2 matches found
CVE-2021-4371 WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...
CVE-2021-4371
The CVE-2021-4371 entry concerns the WP Quick FrontEnd Editor WordPress plugin, affected through version 5.5. The underlying issue is a missing security nonce and missing capabilities check, enabling low-authenticated attackers to change plugin settings they should not be able to modify. This vul...