56 matches found
EUVD-2021-11896
Malware in sbrugna...
EUVD-2024-27873
Malicious code in bioql PyPI...
EUVD-2024-50749
Malicious code in bioql PyPI...
CVE-2025-60102
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects WPFront User Role Editor: from n/a through = 4.2.3...
WordPress WPFront User Role Editor Plugin <= 4.2.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin WPFront User Role Editor versions = 4.2.3...
CVE-2025-60102
CVE-2025-60102 : Stored Cross-Site Scripting in WPFront User Role Editor for WordPress. Affected software: WPFront User Role Editor, version range up to and including 4.2.3. Root cause and impact: improper neutralization of input during web page generation leading to stored XSS. Public details in...
CVE-2025-60102 WordPress WPFront User Role Editor Plugin <= 4.2.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects WPFront User Role Editor: from n/a through = 4.2.3...
CVE-2024-11008
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts tha...
CVE-2024-2931
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfrontuserroleeditorassignrolesuserautocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2021-24984
The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2025-2314 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on...
CVE-2025-3064
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-3064
CVE-2025-3064 : WordPress plugin WPFront User Role Editor (affected versions up to 4.2.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in whitelist_options(). This allows unauthenticated attackers to update the default role option, enabling privilege escal...
CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...
WordPress plugin WPFront User Role Editor 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-15409 · Wpfront · Wpfront User Role Editor
Name of the Vulnerable Software and Affected Versions: WPFront User Role Editor versions up to 4.2.1 Description: The issue is related to Cross-Site Request Forgery, caused by missing or incorrect nonce validation in the whitelist options function. This allows unauthenticated attackers to update...
WordPress WPFront User Role Editor plugin <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function vulnerability
Cross-Site Request Forgery to Privilege Escalation via whitelistoptions Function vulnerability discovered by WordFence in WordPress Plugin WPFront User Role Editor versions = 4.2.1...
CVE-2024-12293
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the updateroles function. This makes it possible for unauthenticated attackers to add or remove roles for...
CVE-2024-12293
CVE-2024-12293 concerns the WordPress plugin User Role Editor. The vulnerability is a CSRF flaw in update_roles() that allows unauthenticated attackers to add or remove roles for arbitrary users, potentially escalating privileges to administrator. Affected versions are all up to and including 4.6...