PT-2026-24585 · Undefined · Undefined

Mike Gozdiskowski

Published

2026-03-11

Updated

2026-03-15

CVE-2026-1867

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Guest posting / Frontend Posting / Front Editor WordPress plugin versions prior to 5.0.6

Description The plugin allows passing a URL parameter to regenerate a .json file based on demo data. If an administrator modifies the demo form and enables admin notifications, an unauthenticated attacker can export and download all form data and settings, including the administrator's email address. The vulnerable functionality involves the regeneration of a .json file based on demo data using a URL parameter.

Recommendations Update the Guest posting / Frontend Posting / Front Editor WordPress plugin to version 5.0.6 or later.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2026-1867

Affected Products

Undefined

PT-2026-24585 · Undefined · Undefined

CVE-2026-1867

Weakness Enumeration

Related Identifiers

Affected Products

References · 5