What is CVE -2026-1867?

CVE-2026-1867 is a security vulnerability in the Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress, affecting versions prior to 5.0.6. It allows unauthenticated attackers to access sensitive information, potentially leading to information exposure.

Who is affected by this vulnerability?

Any WordPress site using the WP Front User Submit plugin version 5.0.6 or earlier is affected by this vulnerability. Administrators should check their plugin version to determine if they need to take action.

How can I check if my site is vulnerable?

You can check the version of the WP Front User Submit plugin installed on your WordPress site by navigating to the Plugins section in the WordPress admin dashboard. If the version is less than 5.0.6, your site is vulnerable.

What does a CVSS score of 5.3 indicate?

A CVSS score of 5.3 is classified as medium severity, indicating that the vulnerability poses a moderate risk. While it may not be critical, it is still advisable to address the vulnerability promptly to protect sensitive information.

What types of information could be exposed?

The vulnerability may allow attackers to extract sensitive user or configuration data from the affected WordPress installation. This could include user credentials, personal information, or site configuration settings.

How can I mitigate the risk of this vulnerability?

To mitigate this vulnerability, update the WP Front User Submit plugin to version 5.0.6 or later. Additionally, review your site’s security settings and consider implementing access controls to limit unauthenticated access.

What are the potential impacts of this vulnerability?

The potential impacts of this vulnerability include unauthorized access to sensitive information, which could lead to further attacks or data breaches. However, the exact impact cannot be determined without specific details on the vulnerability’s nature.

Is there a proof of concept for this vulnerability?

Currently, there is no detailed proof of concept available for CVE-2026-1867. The lack of specific technical details makes it difficult to provide exploitation methods or demonstration scenarios.

What should I do if I cannot update the plugin?

If you are unable to update the WP Front User Submit plugin, consider disabling it until a fix is available. Additionally, review your site’s security measures to limit potential exploitation.

How does this vulnerability relate to the CWE classification?

CWE classification helps categorize the type of vulnerability. In this case, the lack of a specific CWE makes it challenging to understand the underlying weakness, which could involve authentication issues or improper data handling.

What are the next steps for WordPress administrators?

WordPress administrators should prioritize updating vulnerable plugins, monitor security advisories, and conduct regular security audits of their installations to identify and address vulnerabilities.

Where can I find more information about this vulnerability?

For more information about CVE-2026-1867, you can refer to the official CVE database, security advisories from WordPress, and trusted security blogs that cover vulnerabilities in WordPress plugins.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 23, 2026

CVE-2026-1867: Guest posting / Frontend Posting / Front Editor – WP Front User Submit < 5.0.6 – Unauthenticated Information Exposure (front-editor)

CVE ID CVE-2026-1867

Plugin front-editor

Severity Medium (CVSS 5.3)

CWE 200

Vulnerable Version —

Patched Version —

Disclosed March 11, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-1867 (metadata-based):

Insufficient vulnerability metadata is available for analysis. The provided CVE ID, title, description, CVSS vector, and CWE classification are all listed as N/A. The plugin slug ‘front-editor’ indicates a WordPress plugin, but without a vulnerability description, severity scoring, or weakness classification, no technical analysis can be performed. No vulnerable or patched versions are specified, and the plugin is not downloadable from WordPress.org for independent review.

Atomic Edge research cannot infer a root cause without a CWE classification or vulnerability description. The lack of these core metadata fields prevents any determination of whether the issue relates to authentication, input validation, access control, or another security mechanism. All conclusions about the vulnerability’s nature would be speculative.

An exploitation method cannot be described. Without knowing the vulnerability type (e.g., SQL injection, cross-site scripting, privilege escalation) or the affected component (e.g., AJAX handler, REST endpoint, admin page), it is impossible to specify attack vectors, endpoints, parameters, or payloads. The plugin slug alone does not provide enough context for exploitation details.

Remediation steps are unknown. A fix depends entirely on the vulnerability class, which is not provided. Potential fixes could range from adding capability checks and nonce verification to implementing proper input sanitization or output escaping, but no specific guidance can be offered.

The impact of this vulnerability is undetermined. Potential consequences for WordPress plugins include remote code execution, SQL injection, cross-site scripting, privilege escalation, or information disclosure. However, without a description or CWE, the actual impact on confidentiality, integrity, and availability cannot be assessed.

Frequently Asked Questions

What is CVE-2026-1867?
Overview of the vulnerability
CVE-2026-1867 is a security vulnerability in the Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress, affecting versions prior to 5.0.6. It allows unauthenticated attackers to access sensitive information, potentially leading to information exposure.
Who is affected by this vulnerability?
Identifying vulnerable installations
Any WordPress site using the WP Front User Submit plugin version 5.0.6 or earlier is affected by this vulnerability. Administrators should check their plugin version to determine if they need to take action.
How can I check if my site is vulnerable?
Steps to verify plugin version
You can check the version of the WP Front User Submit plugin installed on your WordPress site by navigating to the Plugins section in the WordPress admin dashboard. If the version is less than 5.0.6, your site is vulnerable.
What does a CVSS score of 5.3 indicate?
Understanding the severity level
A CVSS score of 5.3 is classified as medium severity, indicating that the vulnerability poses a moderate risk. While it may not be critical, it is still advisable to address the vulnerability promptly to protect sensitive information.
What types of information could be exposed?
Potential data risks
The vulnerability may allow attackers to extract sensitive user or configuration data from the affected WordPress installation. This could include user credentials, personal information, or site configuration settings.
How can I mitigate the risk of this vulnerability?
Recommended actions
To mitigate this vulnerability, update the WP Front User Submit plugin to version 5.0.6 or later. Additionally, review your site’s security settings and consider implementing access controls to limit unauthenticated access.
What are the potential impacts of this vulnerability?
Consequences of exploitation
The potential impacts of this vulnerability include unauthorized access to sensitive information, which could lead to further attacks or data breaches. However, the exact impact cannot be determined without specific details on the vulnerability’s nature.
Is there a proof of concept for this vulnerability?
Demonstration of the issue
Currently, there is no detailed proof of concept available for CVE-2026-1867. The lack of specific technical details makes it difficult to provide exploitation methods or demonstration scenarios.
What should I do if I cannot update the plugin?
Alternative measures
If you are unable to update the WP Front User Submit plugin, consider disabling it until a fix is available. Additionally, review your site’s security measures to limit potential exploitation.
How does this vulnerability relate to the CWE classification?
Understanding the weakness
CWE classification helps categorize the type of vulnerability. In this case, the lack of a specific CWE makes it challenging to understand the underlying weakness, which could involve authentication issues or improper data handling.
What are the next steps for WordPress administrators?
Actionable recommendations
WordPress administrators should prioritize updating vulnerable plugins, monitor security advisories, and conduct regular security audits of their installations to identify and address vulnerabilities.
Where can I find more information about this vulnerability?
Resources for further reading
For more information about CVE-2026-1867, you can refer to the official CVE database, security advisories from WordPress, and trusted security blogs that cover vulnerabilities in WordPress plugins.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations