The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:52.554Z
Updated: 2023-06-07T01:51:52.554Z
Reserved: 2023-06-06T13:40:19.727Z
Link: CVE-2021-4383
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-07T02:15:15.607
Modified: 2023-11-07T03:40:49.693
Link: CVE-2021-4383
JSON object: View
Redhat Information
No data.
CWE