2 matches found
CVE-2024-12410 Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection
The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
WordPress Front End Users plugin <= 3.2.32 - Authenticated (Admin+) SQL injection vulnerability
Authenticated Admin+ SQL injection vulnerability discovered by Colin Xu in WordPress Plugin Front End Users versions = 3.2.32...