WordPress · Front Editor · CVE-2023-1982
**Name of the Vulnerable Software and Affected Versions**
The Front Editor WordPress plugin versions 4.0.4 and earlier
**Description**
The issue allows high-privilege users to perform Stored Cross-Site Scripting attacks due to the lack of sanitization and escaping of some form settings. This can occur even when the unfiltered html capability is disallowed, such as in a multisite setup.
**Recommendations**
For versions 4.0.4 and earlier, update to a version that sanitizes and escapes form settings to prevent Stored Cross-Site Scripting attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.