10 matches found
CVE-2025-2005
CVE-2025-2005 affects the WordPress Front End Users plugin (versions up to 3.2.32). The issue is an arbitrary file upload vulnerability caused by missing file type validation in the registration form’s file upload field. This allows unauthenticated attackers to upload arbitrary files to the serve...
CVE-2024-12410
CVE-2024-12410 involves the Front End Users WordPress plugin. It is vulnerable to SQL Injection via the UserSearchField parameter in all versions up to and including 3.2.32 due to insufficient escaping and lack of proper SQL query preparation. This allows unauthenticated attackers to append extra...
CVE-2025-26877
CVE-2025-26877 is a stored XSS in the WordPress plugin Front End Users . Affected: Front End Users
CVE-2024-7606
CVE-2024-7606 (Front End Users, WordPress) stored XSS via the plugin’s shortcodes (user-search) in all versions up to 3.2.28. Exploitation requires authenticated access at contributor level or higher; attacker can inject scripts that execute when other users view the affected page. Publicly avail...
CVE-2024-7607
CVE-2024-7607: The Front End Users WordPress plugin is vulnerable to time-based SQL Injection via the order parameter in all versions up to 3.2.28. Exploitation requires Contributor-level access or higher; an attacker can append additional SQL to existing queries to exfiltrate data. Wordfence vul...
CVE-2024-13569
CVE-2024-13569 affects the Front End Users WordPress plugin (versions up to 3.2.32). It exposes a Reflected XSS due to insufficient sanitization/escaping of a parameter before output to the page, potentially impacting admin and other high-privilege users. Public details consistently describe the ...
CVE-2023-33322
CVE-2023-33322 affects WordPress plugin Front End Users (front-end-only users). The issue is an improper neutralization of input during web page generation, leading to Reflected XSS. Affected versions are before 3.2.25; patch to 3.2.25 fixes the vulnerability. Users should update to the fixed ver...
CVE-2025-47580
CVE-2025-47580 (WordPress Front End Users plugin) : A Missing Authorization vulnerability exists in Front End Users up to version 3.2.32 that allows exploitation of misconfigured access control to access restricted information. A patch is available; update to 3.2.35+ (as noted by Patchstack) to r...
CVE-2024-13563
CVE-2024-13563 affects the WordPress Front End Users plugin. It is a stored XSS via the forgot-password shortcode in all versions up to and including 3.2.30, caused by insufficient input sanitization and output escaping of user-supplied attributes. Impact: authenticated attackers with contributor...
CVE-2023-34005
CVE-2023-34005 describes a CSRF vulnerability in the Etoile Web Design Front End Users plugin for WordPress, affecting versions ≤ 3.2.24. The vulnerability allows unauthenticated actors to trigger actions on behalf of a logged-in user; patch 3.2.25 fixes this issue. PatchStack notes the vulnerabi...