Lucene search
K
EtoilewebdesignFront End Users

10 matches found

CVE
CVE
added 2025/04/02 9:21 a.m.199 views

CVE-2025-2005

CVE-2025-2005 affects the WordPress Front End Users plugin (versions up to 3.2.32). The issue is an arbitrary file upload vulnerability caused by missing file type validation in the registration form’s file upload field. This allows unauthenticated attackers to upload arbitrary files to the serve...

9.8CVSS8.3AI score0.20411EPSS
Web
CVE
CVE
added 2025/04/02 9:21 a.m.65 views

CVE-2024-12410

CVE-2024-12410 involves the Front End Users WordPress plugin. It is vulnerable to SQL Injection via the UserSearchField parameter in all versions up to and including 3.2.32 due to insufficient escaping and lack of proper SQL query preparation. This allows unauthenticated attackers to append extra...

4.9CVSS7.8AI score0.00424EPSS
CVE
CVE
added 2025/02/25 2:17 p.m.63 views

CVE-2025-26877

CVE-2025-26877 is a stored XSS in the WordPress plugin Front End Users . Affected: Front End Users

6.5CVSS7.2AI score0.00238EPSS
CVE
CVE
added 2024/08/29 5:30 a.m.55 views

CVE-2024-7606

CVE-2024-7606 (Front End Users, WordPress) stored XSS via the plugin’s shortcodes (user-search) in all versions up to 3.2.28. Exploitation requires authenticated access at contributor level or higher; attacker can inject scripts that execute when other users view the affected page. Publicly avail...

6.4CVSS5.5AI score0.00311EPSS
CVE
CVE
added 2024/08/29 5:30 a.m.55 views

CVE-2024-7607

CVE-2024-7607: The Front End Users WordPress plugin is vulnerable to time-based SQL Injection via the order parameter in all versions up to 3.2.28. Exploitation requires Contributor-level access or higher; an attacker can append additional SQL to existing queries to exfiltrate data. Wordfence vul...

8.8CVSS8.7AI score0.00543EPSS
CVE
CVE
added 2025/04/22 6:0 a.m.52 views

CVE-2024-13569

CVE-2024-13569 affects the Front End Users WordPress plugin (versions up to 3.2.32). It exposes a Reflected XSS due to insufficient sanitization/escaping of a parameter before output to the page, potentially impacting admin and other high-privilege users. Public details consistently describe the ...

7.1CVSS6.5AI score0.00485EPSS
CVE
CVE
added 2024/03/26 8:48 a.m.50 views

CVE-2023-33322

CVE-2023-33322 affects WordPress plugin Front End Users (front-end-only users). The issue is an improper neutralization of input during web page generation, leading to Reflected XSS. Affected versions are before 3.2.25; patch to 3.2.25 fixes the vulnerability. Users should update to the fixed ver...

7.1CVSS8.6AI score0.00379EPSS
CVE
CVE
added 2025/05/15 5:7 p.m.49 views

CVE-2025-47580

CVE-2025-47580 (WordPress Front End Users plugin) : A Missing Authorization vulnerability exists in Front End Users up to version 3.2.32 that allows exploitation of misconfigured access control to access restricted information. A patch is available; update to 3.2.35+ (as noted by Patchstack) to r...

9.8CVSS7.2AI score0.00243EPSS
CVE
CVE
added 2025/02/15 8:25 a.m.48 views

CVE-2024-13563

CVE-2024-13563 affects the WordPress Front End Users plugin. It is a stored XSS via the forgot-password shortcode in all versions up to and including 3.2.30, caused by insufficient input sanitization and output escaping of user-supplied attributes. Impact: authenticated attackers with contributor...

6.4CVSS5.9AI score0.00284EPSS
CVE
CVE
added 2023/07/17 2:46 p.m.45 views

CVE-2023-34005

CVE-2023-34005 describes a CSRF vulnerability in the Etoile Web Design Front End Users plugin for WordPress, affecting versions ≤ 3.2.24. The vulnerability allows unauthenticated actors to trigger actions on behalf of a logged-in user; patch 3.2.25 fixes this issue. PatchStack notes the vulnerabi...

8.8CVSS7.7AI score0.00263EPSS