The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog.
References
Configurations
History
21 Nov 2024, 06:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
References | () https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/ - Exploit | |
References | () https://wordpress.org/plugins/wp-quick-front-end-editor/#developers - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=cve - Third Party Advisory |
13 Jun 2023, 18:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:webdevocean:wp_quick_frontend_editor:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CWE | CWE-862 | |
References | (MISC) https://wordpress.org/plugins/wp-quick-front-end-editor/#developers - Product | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=cve - Third Party Advisory | |
References | (MISC) https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/ - Exploit |
07 Jun 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 02:15
Updated : 2024-11-21 06:37
NVD link : CVE-2021-4383
Mitre link : CVE-2021-4383
CVE.ORG link : CVE-2021-4383
JSON object : View
Products Affected
webdevocean
- wp_quick_frontend_editor
CWE
CWE-862
Missing Authorization