GCVE - cpe:2.3:a:accesspressthemes:frontend_post_wordpress

Approved changes feed: RSS · Atom

cpe:2.3:a:accesspressthemes:frontend_post_wordpress_plugin:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Accesspressthemes (`f69d30d4-213e-591e-a578-b005fb42861b`)
Product	Frontend Post Wordpress Plugin (`f27e3079-4539-5ea2-baa8-709856a7e378`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-4946`	vulnerable	2026-06-03 14:48:43.439094	Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. Published: 2023-06-05T13:39:00.602Z Updated: 2025-01-08T16:55:29.030Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/6e222018-a3e0-4af0-846c-6f00b67dfbc0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-10025`	vulnerable	2026-06-03 14:31:40.786883	WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server’s context, allowing full compromise of the host. Published: 2025-08-05T20:06:00.838Z Updated: 2026-05-15T11:13:52.958Z Open on db.gcve.eu Reference links https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb https://www.exploit-db.com/exploits/23856 http://web.archive.org/web/20121223025326/http://secunia.com:80/advisories/51037 https://www.tenable.com/plugins/nessus/63326 https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-custom-fields/advanced-custom-fields-351-remote-code-execution-via-remote-file-inclusion	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Frontend Post Wordpress Plugin

PURL mappings

Vulnerability references

Contribute