Guest Posting / Frontend Posting / Front Editor – Wp Front User Submit
Approved changes feed: RSS · Atom
cpe:2.3:a:aharonyan:guest_posting_/_frontend_posting_/_front_editor_–_wp_front_user_submit:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aharonyan (b6c3d18d-f99a-5d2d-867e-0924c66f79f8) |
|---|---|
| Product | Guest Posting / Frontend Posting / Front Editor – Wp Front User Submit (e44d6f49-8afb-5c76-bfd6-3ee24519a4d7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-13419 |
vulnerable | 2026-06-08 07:04:32.162526 |
Guest posting / Frontend Posting / Front Editor – WP Front User Submit <= 5.0.0 - Missing Authorization to Unauthenticated Media Deletion
MEDIUM (5.3)
The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bfe/v1/revert' REST API endpoint in all versions up to, and including, 5.0.0. This makes it possible for unauthenticated attackers to delete arbitrary media attachments.
Published: 2026-01-07T09:21:00.404Z
Updated: 2026-04-08T17:05:06.354Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2967 |
vulnerable | 2026-06-08 06:35:27.855632 |
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting
MEDIUM (4.4)
The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-05-02T16:52:19.291Z
Updated: 2026-04-08T17:04:04.742Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4974 |
vulnerable | 2026-06-08 05:52:02.473923 |
Freemius SDK <= 2.4.2 - Missing Authorization Checks
MEDIUM (6.3)
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Published: 2024-10-16T06:43:30.014Z
Updated: 2026-04-08T16:46:54.861Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.