Description
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address.
Published: 2026-03-11
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Patch
AI Analysis

Impact

The Guest posting / Frontend Posting / Front Editor WordPress plugin, in releases before 5.0.6, allows an external user to supply a URL parameter that triggers regeneration of a .json file from demo data. When an administrator has altered the demo form and enabled admin notifications, the resulting JSON contains all form input and configuration, including the administrator's email address. This is a straightforward disclosure of confidential data, classified as CWE-200. No authentication is required for the attacker to obtain the data.

Affected Systems

Any WordPress installation that has the Guest posting / Frontend Posting / Front Editor plugin installed in a version earlier than 5.0.6 is vulnerable. The CVE notes that the issue exists in all releases up to and including 5.0.5; no explicit patch version is listed in the provided data.

Risk and Exploitability

The CVSS base score of 5.9 indicates medium severity, while the EPSS score of less than 1% suggests a low likelihood of active exploitation in the wild. The vulnerability is not present in the CISA KEV catalog, implying no known widespread exploitation. An attacker only needs to craft a URL to the plugin endpoint; no credentials or privileged access are required, making exploitation straightforward from any network that can reach the site’s public interface.

Generated by OpenCVE AI on March 17, 2026 at 15:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Guest posting / Frontend Posting / Front Editor plugin to version 5.0.6 or newer.
  • If an immediate update is not feasible, disable admin notifications in the plugin settings to prevent sensitive data from being included in the exported .json file.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

  • First Time appeared (values added): Wordpress; Wordpress wordpress; Wp Front User Submit; Wp Front User Submit guest Posting / Frontend Posting / Front Editor
  • Vendors & Products (values added): Wordpress; Wordpress wordpress; Wp Front User Submit; Wp Front User Submit guest Posting / Frontend Posting / Front Editor

Wed, 11 Mar 2026 15:15:00 +0000

  • Metrics ssvc (values added): {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 14:30:00 +0000

  • Weaknesses (values added): CWE-200
  • Metrics cvssV3_1 (values added): {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Wed, 11 Mar 2026 06:15:00 +0000

  • Description (values added): The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address.
  • Title (values added): WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure
  • References (values added): none listed

MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2026-03-11T13:41:58.644Z

Reserved: 2026-02-03T21:55:33.287Z

Link: CVE-2026-1867

Vulnrichment

Updated: 2026-03-11T13:40:17.511Z

NVD

Status : Awaiting Analysis

Published: 2026-03-11T06:17:13.397

Modified: 2026-03-11T14:16:17.450

Link: CVE-2026-1867

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:37:47Z

Weaknesses