{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1867", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-02-03T21:55:33.287Z", "datePublished": "2026-03-11T06:00:09.091Z", "dateUpdated": "2026-03-11T13:41:58.644Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-11T06:00:09.091Z"}, "title": "WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure", "problemTypes": [{"descriptions": [{"description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Guest posting / Frontend Posting / Front Editor", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "5.0.6"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address."}], "references": [{"url": "https://wpscan.com/vulnerability/a78ebcd2-9355-4f4e-829e-b10867463576/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Mike Gozdiskowski", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T13:41:13.734634Z", "id": "CVE-2026-1867", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T13:41:58.644Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-1867", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T13:41:13.734634Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T13:40:17.511Z"}}], "cna": {"title": "WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Mike Gozdiskowski"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Guest posting / Frontend Posting / Front Editor", "versions": [{"status": "affected", "version": "0", "lessThan": "5.0.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/a78ebcd2-9355-4f4e-829e-b10867463576/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-200 Information Exposure"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-11T06:00:09.091Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1867", "state": "PUBLISHED", "dateUpdated": "2026-03-11T13:41:58.644Z", "dateReserved": "2026-02-03T21:55:33.287Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-03-11T06:00:09.091Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address."}, {"lang": "es", "value": "El plugin de WordPress Guest posting / Frontend Posting / Front Editor anterior a la versi\u00f3n 5.0.6 permite pasar un par\u00e1metro URL para regenerar un archivo .json basado en datos de demostraci\u00f3n que crea inicialmente. Si un administrador modifica el formulario de demostraci\u00f3n y habilita las notificaciones de administrador en la configuraci\u00f3n del plugin de WordPress Guest posting / Frontend Posting / Front Editor anterior a la versi\u00f3n 5.0.6, es posible que un atacante no autenticado exporte y descargue todos los datos/ajustes del formulario, incluida la direcci\u00f3n de correo electr\u00f3nico del administrador."}], "id": "CVE-2026-1867", "lastModified": "2026-04-15T15:05:47.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-11T06:17:13.397", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/a78ebcd2-9355-4f4e-829e-b10867463576/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.0.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Guest posting / Frontend Posting / Front Editor", "source": "cna", "vendor": "Unknown"}, "product": "guest_posting_/_frontend_posting_/_front_editor", "vendor": "wp_front_user_submit"}], "analysis": {"en": {"generated_at": "2026-03-17T15:32:45.805879+00:00", "value": {"mitigation_remediation": ["Update the Guest posting / Frontend Posting / Front Editor plugin to version 5.0.6 or newer. ", "If an immediate update is not feasible, disable admin notifications in the plugin settings to prevent sensitive data from being included in the exported .json file."], "summary": {"action": "Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "Any WordPress installation that has the Guest posting / Frontend Posting / Front Editor plugin installed in a version earlier than 5.0.6 is vulnerable. The CVE notes that the issue exists in all releases up to and including 5.0.5; no explicit patch version is listed in the provided data.", "description_and_impact": "The Guest posting / Frontend Posting / Front Editor WordPress plugin, in releases before 5.0.6, allows an external user to supply a URL parameter that triggers regeneration of a .json file from demo data. When an administrator has altered the demo form and enabled admin notifications, the resulting JSON contains all form input and configuration, including the administrator\u2019s email address. This is a classic disclosure of confidential data with the weakness described as CWE\u2011200. No authentication is required for the attacker to obtain the data.", "risk_and_exploitability": "The CVSS base score of 5.9 indicates medium severity, while the EPSS score of less than 1% suggests a low likelihood of active exploitation in the wild. The vulnerability is not present in the CISA KEV catalog, implying no known widespread exploitation. An attacker only needs to craft a URL to the plugin endpoint; no credentials or privileged access are required, making exploitation straightforward from any network that can reach the site\u2019s public interface."}}}}, "created": "2026-03-12T10:06:26.349895+00:00", "updated": "2026-03-20T14:37:47.270565+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wp_front_user_submit", "wp_front_user_submit$PRODUCT$guest_posting_/_frontend_posting_/_front_editor"]}