37 matches found
WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions <= 3.28.36...
CVE-2026-5127
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1. This is due to insufficient input validation and type checking on the wpuffiles...
WordPress plugin Frontend File Manager Plugin security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...
CVE-2026-39688
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Frontend Profile: from n/a through <= 1.3.9...
CVE-2026-32485
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8...
CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.5...
PT-2026-27851
Name of the Vulnerable Software and Affected Versions: weDevs WP User Frontend versions prior to 4.2.5. Description: An authorization issue exists in weDevs WP User Frontend. The issue involves exploiting incorrectly configured access control security levels. Recommendations: Update weDevs WP User...
CVE-2026-1644
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
CVE-2026-25005
CVE-2026-25005 affects WordPress Frontend File Manager plugin versions up to and including 23.5, with an Insecure Direct Object References (IDOR) vulnerability that enables an Authorization Bypass through a user-controlled key, due to misconfigured access controls in the nmedia-user-file-uploader...
CVE-2026-25005 WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.5...
WordPress Frontend Admin by DynamiApps plugin <= 3.28.20 - Unauthenticated Arbitrary Options Update vulnerability
Unauthenticated Arbitrary Options Update vulnerability discovered by YCInfosec in WordPress Plugin Frontend Admin by DynamiApps versions <= 3.28.20...
CVE-2025-64265 WordPress Frontend File Manager plugin <= 23.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.2...
CVE-2025-58673
Improper Control of Generation of Code 'Code Injection' vulnerability in weDevs WP User Frontend wp-user-frontend allows Code Injection. This issue affects WP User Frontend: from n/a through <= 4.1.12...
CVE-2025-57898
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jose Vega WP Frontend Admin display-admin-page-on-frontend allows Stored XSS. This issue affects WP Frontend Admin: from n/a through <= 1.22.7...
CVE-2025-57898 WordPress WP Frontend Admin plugin <= 1.22.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jose Vega WP Frontend Admin display-admin-page-on-frontend allows Stored XSS. This issue affects WP Frontend Admin: from n/a through <= 1.22.7...
CVE-2025-57898
CVE-2025-57898 is a Stored XSS in the WordPress plugin WP Frontend Admin (Display WP Admin Pages in the Frontend). Public docs show affected software: WP Frontend Admin
CVE-2025-58235
CVE-2025-58235 affects the WordPress plugin Front End Users (front-end-only-users). The connected Wordfence entry specifies an Authenticated (Contributor+) Stored XSS vulnerability in Front End Users
PT-2025-38962
Name of the Vulnerable Software and Affected Versions: WP User Frontend versions through 4.1.11. Description: An improper control of generation of code issue, specifically a code injection, exists in WP User Frontend. This allows for code injection. Recommendations: Update WP User Frontend to a versi...