CVE-2021-4383
WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog.
El plugin WP Quick FrontEnd para WordPress es vulnerable a la inyección de contenido de páginas en versiones hasta la v5.5 inclusive. Esto se debe a la falta de comprobaciones en la funcionalidad de edición de páginas del plugin. Esto hace posible que atacantes poco autenticados, como los suscriptores, editen/creen cualquier página o entrada en el blog.
*Credits:
Jerome Bruandet
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-12 CVE Published
- 2023-06-06 CVE Reserved
- 2024-06-13 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://wordpress.org/plugins/wp-quick-front-end-editor/#developers | Product | |
| https://www.wordfence.com/threat-intel/vulnerabilities/id/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=cve | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Webdevocean Search vendor "Webdevocean" | Wp Quick Frontend Editor Search vendor "Webdevocean" for product "Wp Quick Frontend Editor" | <= 5.5 Search vendor "Webdevocean" for product "Wp Quick Frontend Editor" and version " <= 5.5" | wordpress |
Affected
| ||||||