CVE-2021-4383
WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog.
| CWE | CWE-862 |
| Vendor | labibahmed42 |
| Product | wp quick frontend editor – wordpress plugin |
| Published | Jun 7, 2023 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for labibahmed42 wp quick frontend editor – wordpress plugin
Be the first to know when new high vulnerabilities affecting labibahmed42 wp quick frontend editor – wordpress plugin are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
labibahmed42 / WP Quick FrontEnd Editor – WordPress Plugin
0 ≤ 5.5
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=cve blog.nintechnet.com: https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/ wordpress.org: https://wordpress.org/plugins/wp-quick-front-end-editor/#developers
Credits
Jerome Bruandet