CVE-2025-23540 WordPress WP Front-end login and register plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

🗓️ 23 Jan 2025 15:20:16Reported by PatchstackType

WordPress WP Front-end login plugin <= 2.1.0 has Reflected XSS vulnerability affecting web pages.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-23540	23 Jan 202515:30	–	circl
CNNVD	WordPress plugin WP Front-end login and register 跨站脚本漏洞	23 Jan 202500:00	–	cnnvd
CVE	CVE-2025-23540	23 Jan 202515:20	–	cve
EUVD	EUVD-2025-3238	3 Oct 202520:07	–	euvd
NVD	CVE-2025-23540	23 Jan 202516:15	–	nvd
Patchstack	WordPress WP Front-end login and register plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability	16 Jan 202518:41	–	patchstack
Positive Technologies	PT-2025-4930 · Mohsin Khan · Wp Front-End Login/Register	23 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-23540	6 Feb 202502:54	–	redhatcve
Vulnrichment	CVE-2025-23540 WordPress WP Front-end login and register plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability	23 Jan 202515:20	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)	23 Jan 202515:41	–	wordfence

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-front-end-login-and-register",
    "product": "WP Front-end login and register",
    "vendor": "Mohsin Khan",
    "versions": [
      {
        "lessThanOrEqual": "2.1.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/wp-front-end-login-and-register/vulnerability/wordpress-wp-front-end-login-and-register-plugin-2-1-0-reflected-cross-site-scripting-xss-vulnerability

28 Apr 2026 16:11Current

CVSS 3.17.1

EPSS0.00187

CWE-79

cve-2025-23540 wordpress vulnerability reflected cross site scripting