High severity8.1NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2021-4383

Description

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit/create any page or post on the blog.

Affected products

Webdevocean/Wp Quick Frontend Editor
cpe:2.3:a:webdevocean:wp_quick_frontend_editor:*:*:*:*:*:wordpress:*:*
Range: <=5.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched/nvdExploit
www.wordfence.com/threat-intel/vulnerabilities/id/f5492bff-cfd9-41ed-a59b-4445d5e83e86nvdThird Party Advisory
wordpress.org/plugins/wp-quick-front-end-editor/nvdProduct

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000