CVE-2021-4371

low-risk
Published 2023-06-07

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so.

Do I need to act?

-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Wp Quick Frontend Editor

Affected Vendors

Pluginmirror

References (6)

Exploit https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-front...
Product https://wordpress.org/plugins/wp-quick-front-end-editor/#developers
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/c392750b-ae4a-48b5-9cc...
Exploit https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-front...
Product https://wordpress.org/plugins/wp-quick-front-end-editor/#developers
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/c392750b-ae4a-48b5-9cc...
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal