CVE-2026-1867

WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure

Description

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6's settings, it is possible for an unauthenticated attacker to export and download all of the form data/settings, including the administrator's email address.

INFO

Published Date :

2026-03-11T06:00:09.091Z

Last Modified :

2026-03-11T06:00:09.091Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2026-1867 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1867.

URL	Resource
https://wpscan.com/vulnerability/a78ebcd2-9355-4f4e-829e-b10867463576/

CVE-2026-1867

WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure

Description

INFO

2026-03-11T06:00:09.091Z

2026-03-11T06:00:09.091Z

WPScan

AFFECTED PRODUCTS

REFERENCES

CVSS Vulnerability Scoring System