WordPress Plugin Vulnerabilities

WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure

Description

The plugin allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the plugin's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address.

Proof of Concept

Affects Plugins

Plugin icon
front-editor
Fixed in 5.0.6

References

CVE
CVE-2026-1867

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Mike Gozdiskowski
Submitter
Mike Gozdiskowski
Verified
Yes
WPVDB ID
a78ebcd2-9355-4f4e-829e-b10867463576

Timeline

Publicly Published
2026-02-18 (about 21 days ago)
Added
2026-02-18 (about 20 days ago)
Last Updated
2026-02-18 (about 20 days ago)

Other

Published
Title
Published
2024-07-09
Title
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer < 3.10.9 - Unauthenticated Full Path Disclosure
Published
2025-10-26
Title
Shortcodes and extra features for Phlox <= 2.17.12 - Unauthenticated Information Exposure
Published
2023-12-06
Title
WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download
Published
2024-09-24
Title
HT Mega – Absolute Addons For Elementor < 2.6.6 - Authenticated (Contributor+) Sensitive Information Exposure via template_id
Published
2021-11-29
Title
CorreosExpress <= 2.6.0 - Sensitive Information Disclosure