PT-2023-12495 · WordPress · Wp Quick Frontend Editor
Jerome Bruandet
·
Published
2023-06-07
·
Updated
2023-06-13
·
CVE-2021-4383
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5
Description
The issue is related to page content injection due to missing capability checks in the plugin's page-editing functionality. This allows low-authenticated attackers, such as subscribers, to edit or create any page or post on the blog.
Recommendations
For WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5, consider disabling the page-editing functionality until a patch is available. Restrict access to the plugin's editing features to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Quick Frontend Editor