Vulnerabilities and security researches forwp-front-end-profile wp-front-end-profile

Direction: ascending

Jun 10, 2024

WP Frontend Profile # CVE-2019-15110

CVE, Research URL: CVE-2019-15110
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Aug 21, 2019
Research Description: The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS.
Affected versions: max 0.2.2.
Status: vulnerable

WP Frontend Profile # CVE-2023-51483

CVE, Research URL: CVE-2023-51483
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: May 17, 2024
Research Description: Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.
Affected versions: max 1.3.2.
Status: vulnerable

WP Frontend Profile # CVE-2019-15111

CVE, Research URL: CVE-2019-15111
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Aug 21, 2019
Research Description: The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.
Affected versions: max 0.2.2.
Status: vulnerable

Nov 16, 2024

WP Frontend Profile # CVE-2022-4974

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 1.2.6.
Status: vulnerable

Apr 14, 2026

WP Frontend Profile # CVE-2026-39688

CVE, Research URL: CVE-2026-39688
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Apr 08, 2026
Research Description: Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9.
Affected versions: max 1.3.9.
Status: vulnerable

Apr 15, 2026

WP Frontend Profile # CVE-2026-1644

CVE, Research URL: CVE-2026-1644
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Mar 07, 2026
Research Description: The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' function. This makes it possible for unauthenticated attackers to approve or reject user account registrations via a forged request granted they can trick an administrator into performing an action such as clicking on a link.
Affected versions: max 1.3.9.
Status: vulnerable

Jun 13, 2026

WP Frontend Profile # CVE-2023-33999

CVE, Research URL: CVE-2023-33999
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Jun 11, 2026
Research Description: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
Affected versions: max 1.3.1.
Status: vulnerable

Jun 16, 2026

WP Frontend Profile # 6d8910c719b2a132ec93828cd37e418b19cac960

CVE, Research URL: 6d8910c719b2a132ec93828cd37e418b19cac960
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Mar 04, 2022
Research Description: WP Frontend Profile [wp-front-end-profile] < 1.2.5 Freemius SDK <= 2.4.2 - Missing Authorization Checks The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 1.2.5.
Status: vulnerable

WP Frontend Profile # 57c6eb9cb9230fab5bc21a3ed25fd4e106859173

CVE, Research URL: 57c6eb9cb9230fab5bc21a3ed25fd4e106859173
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Feb 28, 2022
Research Description: WP Frontend Profile [wp-front-end-profile] < 1.2.6 WordPress WP Frontend Profile plugin <= 1.2.5 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress WP Frontend Profile plugin (versions <= 1.2.5).
Affected versions: max 1.2.6.
Status: vulnerable

WP Frontend Profile # 3c4372b76b1d274bdbd4efc646638599918abb3b

CVE, Research URL: 3c4372b76b1d274bdbd4efc646638599918abb3b
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: May 19, 2020
Research Description: WP Frontend Profile [wp-front-end-profile] < 1.2.2 WP Frontend Profile <= 1.2.1 - Cross-Site Request Forgery The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the wpfep_save_password() function found in the 'wp-frontend-profile/functions/save-fields.php' file. This makes it possible for unauthenticated attackers to change the passwords of other users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.2.2.
Status: vulnerable

WP Frontend Profile # af00acc763006e44d170d94eac74a3401c214c3e

CVE, Research URL: af00acc763006e44d170d94eac74a3401c214c3e
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: May 19, 2020
Research Description: WP Frontend Profile [wp-front-end-profile] < 1.2.2 WordPress WP Frontend Profile plugin <= 1.2.1 - Nonce Security Issue vulnerability Nonce Security Issue vulnerability discovered by Julio Potier in WordPress WP Frontend Profile plugin (versions <= 1.2.1).
Affected versions: max 1.2.2.
Status: vulnerable

WP Frontend Profile # 67403202d411d08a3b2bd153c76565effc6e0694

CVE, Research URL: 67403202d411d08a3b2bd153c76565effc6e0694
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Sep 14, 2016
Research Description: WP Frontend Profile [wp-front-end-profile] < 0.2.2 WordPress Front End Profile Plugin <= 0.2.1 - Multiple Vulnerabilities This plugin is prone to a privilege escalation and stored cross site scripting vulnerabilities. Update the plugin.
Affected versions: max 0.2.2.
Status: vulnerable

WP Frontend Profile # 00b6d363-700f-4b01-81a0-671ed58520f8

CVE, Research URL: 00b6d363-700f-4b01-81a0-671ed58520f8
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: -
Research Description: WP Frontend Profile [wp-front-end-profile] < 1.2.2 WP Frontend Profile < 1.2.2 - CSRF Check Incorrectly Implemented The WP Frontend Profile WordPress plugin did not verify the Cross-Site Request Forgery (CSRF) nonce correctly.
Affected versions: max 1.2.2.
Status: vulnerable

WP Frontend Profile # 937a22beee2c0654d654f868033ea945d2a3415c

CVE, Research URL: 937a22beee2c0654d654f868033ea945d2a3415c
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Feb 28, 2022
Research Description: WP Frontend Profile [wp-front-end-profile] <= 1.2.5 WordPress WP Frontend Profile plugin <= 1.2.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Frontend Profile plugin (versions <= 1.2.5).
Affected versions: max 1.2.5.
Status: vulnerable