6 matches found
CVE-2025-3064
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-3064
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-3064
creationtimestamp| type| source ---|---|--- 2025-04-08 08:46:43+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10881 2025-04-08 11:48:23+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114302183167585816 2025-04-08 12:07:13+00:00| seen|...
CVE-2025-3064
CVE-2025-3064 : WordPress plugin WPFront User Role Editor (affected versions up to 4.2.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in whitelist_options(). This allows unauthenticated attackers to update the default role option, enabling privilege escal...
CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...
WordPress WPFront User Role Editor plugin <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function vulnerability
Cross-Site Request Forgery to Privilege Escalation via whitelistoptions Function vulnerability discovered by WordFence in WordPress Plugin WPFront User Role Editor versions = 4.2.1...