Vulnerabilities and security researches forwp-front-end-profile wp-front-end-profile

Jun 10, 2024

CVE, Research URL: CVE-2019-15110
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Aug 21, 2019
Research Description: The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-51483
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: May 17, 2024
Research Description: Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2019-15111
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Aug 21, 2019
Research Description: The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.
Affected versions: Min -, max -.
Status: vulnerable

Nov 16, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for WP Frontend Profile
Application: WP Frontend Profile
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable