PT-2026-24585
Mike Gozdiskowski · Published 2026-03-11 · Updated 2026-03-15
CVE-2026-1867
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Guest posting / Frontend Posting / Front Editor WordPress plugin versions prior to 5.0.6
Description
The plugin allows passing a URL parameter to regenerate a .json file based on demo data. If an administrator modifies the demo form and enables admin notifications, an unauthenticated attacker can export and download all form data and settings, including the administrator's email address. The vulnerable functionality involves the regeneration of a .json file based on demo data using a URL parameter.
Recommendations
Update the Guest posting / Frontend Posting / Front Editor WordPress plugin to version 5.0.6 or later.
Exploit
Fix
Information Disclosure