EUVD-2026-34926

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

CVE-2026-7047

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

PT-2026-47069

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funp ajax modify notes function. This makes it possible for unauthenticated attackers to trick a...

CVE-2025-12071

The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funpajaxmodifynotes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2025-12071

The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funpajaxmodifynotes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

WordPress plugin Frontend User Notes 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20218

Name of the Vulnerable Software and Affected Versions Frontend User Notes plugin for WordPress versions up to and including 2.1.0 Description The Frontend User Notes plugin for WordPress contains a flaw that allows authenticated attackers with Subscriber-level access or higher to modify notes tha...

WordPress Frontend User Notes plugin <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Note Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Frontend User Notes versions = 2.1.0...