WordPress Plugin Vulnerabilities

WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change leading to Stored XSS

Description

The AJAX action la_save_front_editor lacks any capability and CSRF checks, allowing low privilege users to modify the plugin's settings. Due to the lack of sanitisation on some settings, this could lead to a Stored XSS issue as well which will be triggered when a user is logged in

Affects Plugins

Plugin icon
wp-quick-front-end-editor
No known fix

References

URL
https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
9.9 (critical)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
No
WPVDB ID
b4e6948f-ae4b-4256-ae93-7b0266785edd

Timeline

Publicly Published
2021-01-12 (about 3 years ago)
Added
2021-01-12 (about 3 years ago)
Last Updated
2021-01-13 (about 3 years ago)

Other

Published
Title
Published
2024-05-03
Title
SimpleShop < 2.10.1 - Cross-Site Request Forgery
Published
2021-10-01
Title
Stripe For WooCommerce 3.0.0 - 3.3.9 - Missing Authorization Controls to Financial Account Hijacking
Published
2024-02-06
Title
Customer Reviews for WooCommerce < 5.39.0 - Improper Authorization via submit_review
Published
2021-10-05
Title
Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
Published
2021-07-12
Title
Frontend File Manager < 18.3 - Privilege Escalation