CVE-2024-2967 in Guest Posting Plugininfo

Summary

by MITRE • 05/02/2024

The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

03/26/2024

Disclosure

05/02/2024

Moderation

accepted

Entry

VDB-262470

CPE

ready

CWE

CWE-79 (confirmed)

CVSS

2.4 (VulDB)

EPSS

0.00357

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-2967
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-2967
CVE Details	https://www.cvedetails.com/cve/CVE-2024-2967/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!