Vulnerabilities and security researches forwp-front-end-profile wp-front-end-profile

Jun 10, 2024

CVE, Research URL: CVE-2019-15110
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Aug 21, 2019
Research Description: The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS.
Affected versions: max 1.3.1.
Status: vulnerable

CVE, Research URL: CVE-2023-51483
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: May 17, 2024
Research Description: Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.
Affected versions: max 1.3.2.
Status: vulnerable

CVE, Research URL: CVE-2019-15111
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Aug 21, 2019
Research Description: The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.
Affected versions: max 0.2.2.
Status: vulnerable

Nov 16, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 1.2.6.
Status: vulnerable

Apr 14, 2026

CVE, Research URL: CVE-2026-39688
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Apr 08, 2026
Research Description: Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9.
Affected versions: max 1.3.9.
Status: vulnerable

Apr 15, 2026

CVE, Research URL: CVE-2026-1644
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Mar 07, 2026
Research Description: The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' function. This makes it possible for unauthenticated attackers to approve or reject user account registrations via a forged request granted they can trick an administrator into performing an action such as clicking on a link.
Affected versions: max 1.3.9.
Status: vulnerable