EUVD-2025-3238

Malicious code in bioql PyPI...

CVE-2024-11405 WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting

The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmpresetpasswordtoken parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2019-15110

The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS...

CVE-2025-23540

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohsin Khan WP Front-end login and register wp-front-end-login-and-register allows Reflected XSS.This issue affects WP Front-end login and register: from n/a through = 2.1.0...

CVE-2025-23540

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohsin Khan WP Front-end login and register wp-front-end-login-and-register allows Reflected XSS.This issue affects WP Front-end login and register: from n/a through = 2.1.0...

CVE-2019-15111

CVE-2019-15111 affects the WordPress plugin wp-front-end-profile before 0.2.2. The root cause is a permissions/ACL flaw in the plugin that lets an attacker modify a user profile via POST data, overwriting wp_capabilities and wp_user_level to escalate privileges to administrator. Some reports also...

CVE-2019-15110

CVE-2019-15110 affects the WordPress plugin wp-front-end-profile prior to 0.2.2. The vulnerability is cross-site scripting (XSS). Public exploit details (WP Front End Profile

WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting (XSS)

It is possible to modify a POST request to overwrite user meta including 'wpcapabilities' and 'wpuserlevel' which results in a privilege escalation vulnerability. User input is not sanitised or escaped on output resulting in a stored XSS vulnerability. Timeline: 2016-09-12: Vulnerability found...