2 matches found
PT-2023-12495 · WordPress · Wp Quick Frontend Editor
Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5 Description: The issue is related to page content injection due to missing capability checks in the plugin's page-editing functionality. This allows...
PT-2023-12480 · WordPress · Frontend File Manager
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue arises from lacking authorization protections, checks against users editing other's posts, and a missing security nonce on the "wpfm edit fi...