Lucene search
+L

168 matches found

Cvelist
Cvelist
added 2025/04/02 9:21 a.m.19 views

CVE-2024-12410 Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection

The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

4.9CVSS0.00424EPSS
Exploits0References3
CVE
CVE
added 2025/04/02 9:21 a.m.204 views

CVE-2025-2005

CVE-2025-2005 affects the WordPress Front End Users plugin (versions up to 3.2.32). The issue is an arbitrary file upload vulnerability caused by missing file type validation in the registration form’s file upload field. This allows unauthenticated attackers to upload arbitrary files to the serve...

9.8CVSS8.3AI score0.20411EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2025/04/02 9:21 a.m.51 views

CVE-2025-2005 Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload

The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

9.8CVSS0.20411EPSS
Exploits3References2
CNNVD
CNNVD
added 2025/04/02 12:0 a.m.7 views

WordPress plugin Front End Users 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.8CVSS9.1AI score0.20411EPSS
Exploits3References3
Packet Storm News
Packet Storm News
added 2025/04/02 12:0 a.m.12 views

WordPress Front-End Users 3.2.32 Shell Upload

WordPress Front-End Users plugin versions 3.2.32 and below suffer from a remote shell upload vulnerability...

9.8CVSS7.2AI score0.20411EPSS
Exploits3
CNNVD
CNNVD
added 2025/04/02 12:0 a.m.7 views

WordPress plugin Front End Users SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

4.9CVSS6.7AI score0.00424EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.10 views

PT-2025-14471 · WordPress · Front End Users

Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.32 Description: The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the...

9.8CVSS9.7AI score0.20411EPSS
Exploits3References21
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.7 views

PT-2025-14469 · WordPress · Front End Users

Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.32 Description: The issue allows for SQL Injection via the UserSearchField parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...

4.9CVSS9.9AI score0.00424EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/02/27 2:37 p.m.7 views

CVE-2025-26877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through = 3.2.30...

6.5CVSS7.2AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2025/02/25 3:15 p.m.7 views

CVE-2025-26877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through = 3.2.30...

6.5CVSS0.00238EPSS
Exploits0References1
OSV
OSV
added 2025/02/25 3:15 p.m.5 views

CVE-2025-26877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users allows Stored XSS. This issue affects Front End Users: from n/a through 3.2.30...

5.4CVSS5.8AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/25 2:17 p.m.7 views

CVE-2025-26877 WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through = 3.2.30...

6.5CVSS8.6AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/25 2:17 p.m.19 views

CVE-2025-26877 WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Front End Users front-end-only-users allows Stored XSS.This issue affects Front End Users: from n/a through = 3.2.30...

6.5CVSS0.00238EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/25 12:0 a.m.6 views

WordPress plugin Front End Users 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS8.2AI score0.00238EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/22 4:2 p.m.7 views

WordPress Front End Users Plugin <= 3.2.30 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin Front End Users versions = 3.2.30...

6.5CVSS6.1AI score0.00238EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/02/15 9:15 a.m.6 views

CVE-2024-13563

The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.9AI score0.00297EPSS
Exploits0References4
CVE
CVE
added 2025/02/15 8:25 a.m.49 views

CVE-2024-13563

CVE-2024-13563 affects the WordPress Front End Users plugin. It is a stored XSS via the forgot-password shortcode in all versions up to and including 3.2.30, caused by insufficient input sanitization and output escaping of user-supplied attributes. Impact: authenticated attackers with contributor...

6.4CVSS5.9AI score0.00297EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/02/15 8:25 a.m.19 views

CVE-2024-13563 Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode

The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00297EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/15 8:25 a.m.11 views

CVE-2024-13563 Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode

The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00297EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/15 12:0 a.m.7 views

WordPress plugin Front End Users 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.8AI score0.00297EPSS
Exploits0References5
Rows per page
Query Builder