Guest%20posting%20%2F%20Frontend%20Posting%20%2F%20Front%20Editor

Guest posting / Frontend Posting / Front Editor

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-1867

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.30%

7 Day CHG+0.01%

Published-11 Mar, 2026 | 06:00

Updated-11 Mar, 2026 | 14:16

WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address.

Vendor-Unknown

Product-Guest posting / Frontend Posting / Front Editor

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-12569

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-4.7||MEDIUM

EPSS-0.05% / 16.03%

7 Day CHG~0.00%

Published-24 Nov, 2025 | 06:00

Updated-25 Nov, 2025 | 22:16

WP Front User Submit < 5.0.0 - Open Redirect

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

Vendor-Unknown

Product-Guest posting / Frontend Posting / Front Editor

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')