The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress has a security issue where it is vulnerable to Cross-Site Request Forgery. This means that anyone who is not logged in can potentially trick the site’s administrator into taking an unauthorized action, such as clicking on a link. This can happen in all versions of the plugin up to version 4.9.4.