2 matches found
CVE-2019-15111
CVE-2019-15111 affects the WordPress plugin wp-front-end-profile before 0.2.2. The root cause is a permissions/ACL flaw in the plugin that lets an attacker modify a user profile via POST data, overwriting wp_capabilities and wp_user_level to escalate privileges to administrator. Some reports also...
CVE-2019-15110
CVE-2019-15110 affects the WordPress plugin wp-front-end-profile prior to 0.2.2. The vulnerability is cross-site scripting (XSS). Public exploit details (WP Front End Profile