2 matches found
CVE-2024-11405
The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmpresetpasswordtoken parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-11405
WP Front-end login and register for WordPress is vulnerable to Reflected XSS via the email and wpmp_reset_password_token parameters in all versions up to 2.1.0. This allows unauthenticated attackers to inject scripts in pages executed when a user is tricked into clicking a link. The connected doc...