168 matches found
CVE-2024-12410 Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection
The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2025-2005
CVE-2025-2005 affects the WordPress Front End Users plugin (versions up to 3.2.32). The issue is an arbitrary file upload vulnerability caused by missing file type validation in the registration form’s file upload field. This allows unauthenticated attackers to upload arbitrary files to the serve...
CVE-2025-2005 Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
WordPress plugin Front End Users 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Front-End Users 3.2.32 Shell Upload
WordPress Front-End Users plugin versions 3.2.32 and below suffer from a remote shell upload vulnerability...
WordPress plugin Front End Users SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2025-14471 · WordPress · Front End Users
Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.32 Description: The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the...
PT-2025-14469 · WordPress · Front End Users
Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.32 Description: The issue allows for SQL Injection via the UserSearchField parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...
CVE-2025-26877
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through = 3.2.30...
CVE-2025-26877
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through = 3.2.30...
CVE-2025-26877
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users allows Stored XSS. This issue affects Front End Users: from n/a through 3.2.30...
CVE-2025-26877 WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through = 3.2.30...
CVE-2025-26877 WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through = 3.2.30...
WordPress plugin Front End Users 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin Front End Users versions = 3.2.30...
CVE-2024-13563
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13563
CVE-2024-13563 affects the WordPress Front End Users plugin. It is a stored XSS via the forgot-password shortcode in all versions up to and including 3.2.30, caused by insufficient input sanitization and output escaping of user-supplied attributes. Impact: authenticated attackers with contributor...
CVE-2024-13563 Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13563 Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Front End Users 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...