The WP Front User Submit / Front Editor WordPress plugin is vulnerable to a security issue in versions up to and including 4.0.4. This issue could allow an attacker with administrator-level permissions to inject malicious web scripts into pages. If someone visits one of these pages, the malicious script will execute. This vulnerability only affects multi-site installations or installations where the ‘unfiltered_html’ option has been disabled.