28 matches found
EUVD-2026-20379
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
CVE-2026-39688
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
CVE-2026-39688
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
CVE-2026-39688
The CVE-2026-39688 entry concerns the Glowlogix WordPress WP Frontend Profile plugin (wp-front-end-profile) with vulnerable versions up to 1.3.9. It is described as Missing Authorization due to Incorrectly Configured Access Control, enabling a Broken Access Control vulnerability. The CVSSv3.1 bas...
CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
PT-2026-31250
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
WordPress plugin WP Frontend Profile 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1644
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
EUVD-2026-10089
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
WordPress WP Frontend Profile plugin <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection vulnerability
Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection vulnerability discovered by johska in WordPress Plugin WP Frontend Profile versions = 1.3.8...
WordPress plugin WP Frontend Profile 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-1644 WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
CVE-2026-1644
CVE-2026-1644 pertains to the WP Frontend Profile plugin for WordPress, affected through version 1.3.8. The root cause is missing nonce validation in the update_action function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to influence user account registrations (app...
CVE-2026-1644 WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
CVE-2026-1644
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
PT-2026-23760
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update action' function. This makes it possible for unauthenticated attackers to approve or reject user account...
EUVD-2023-56196
Malicious code in bioql PyPI...
CVE-2023-51483
Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1...
CVE-2023-51483 WordPress WP Frontend Profile plugin <= 1.3.1 - Unauthenticated Privilege Escalation vulnerability
Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1...