15 matches found
WordPress WPFront User Role Editor Plugin <= 4.2.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin WPFront User Role Editor versions <= 4.2.3...
CVE-2024-2931
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfrontuserroleeditorassignrolesuserautocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2021-24984
The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2025-3064
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-3064
CVE-2025-3064 : WordPress plugin WPFront User Role Editor (affected versions up to 4.2.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in whitelist_options(). This allows unauthenticated attackers to update the default role option, enabling privilege escal...
CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options function. This makes it possible for unauthenticated attackers to update the...
PT-2025-15409 · Wpfront · Wpfront User Role Editor
Name of the Vulnerable Software and Affected Versions: WPFront User Role Editor versions up to 4.2.1 Description: The issue is related to Cross-Site Request Forgery, caused by missing or incorrect nonce validation in the whitelist options function. This allows unauthenticated attackers to update...
WordPress WPFront User Role Editor Plugin <= 3.2.1.11184 is vulnerable to Sensitive Data Exposure
Software: WPFront User Role Editor; Type: Plugin; Vulnerable versions: <= 3.2.1.11184; Fixed in: 4.1.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-2931; Patch priority: Low; CVSS severity: Low 4.3; PSID: 5c39a15c1361; Credits: AmrAwad...
WordPress WPFront User Role Editor plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress WPFront User Role Editor plugin has a cross-site scripting vulnerability in versions prior to...
CVE-2021-24984
The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2021-24984
The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting...
WordPress WPFront User Role Editor plugin <= 3.1.0.10272 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress WPFront User Role Editor plugin versions <= 3.1.0.10272. Solution: Update the WordPress WPFront User Role Editor plugin to the latest available version (at least 3.2.1.11184)...
WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting...
WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting PoC...