CVE-2026-1867

Published: Mar 11, 2026

Modified: Mar 11, 2026

PUBLISHED

Description

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address.

Vendor	Product	Versions
Unknown	Guest posting / Frontend Posting / Front Editor	affected `0 - < 5.0.6`

References

https://wpscan.com/vulnerability/a78ebcd2-9355-4f4e-829e-b10867463576/

exploit

vdb-entry

technical-description

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-1867

Description

Affected Products

References