Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High0
Medium4
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2026-04-15

CVE-2026-1867 - Front Editor Plugin

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address.

PLUGIN Front Editor

CVE-2026-1867

MEDIUM CVSS 5.9 2026-03-11
Open Full Technical Breakdown
Threat Entry Updated 2025-11-25

CVE-2025-12569 - Front Editor Plugin

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

PLUGIN Front Editor

CVE-2025-12569

MEDIUM CVSS 4.7 2025-11-24
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-2967 - Front Editor Plugin

The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Front Editor

CVE-2024-2967

MEDIUM CVSS 4.4 2024-05-02
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-1982 - Front Editor Plugin

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Front Editor

CVE-2023-1982

MEDIUM CVSS 4.8 2023-08-30
Open Full Technical Breakdown
Scroll to top