cleantalk
Vulnerabilities and Security Researches

Front End Users, 3d137d82d6524fe37c8dd356efe27e9e4e9af54c

CVE, Research URL

3d137d82d6524fe37c8dd356efe27e9e4e9af54c

Home page URL

Security reports for Front End Users

Application

Front End Users

Published on
Apr 07, 2023
Research Description
Front End Users [front-end-only-users] < 3.2.25 Front End Users <= 3.2.24 - Cross-Site Request Forgery The Front End Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.24. This is due to missing or incorrect nonce validation on several functions such as Mass_Delete_EWD_FEUP_Users, Delete_All_EWD_FEUP_Users, and Mass_Delete_EWD_FEUP_Fields. This makes it possible for unauthenticated attackers to potentially delete users, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 3.2.25.
Status
vulnerable
Previous vulnerability researches
Front End Users (3d137d82d6524fe37c8dd356efe27e9e4e9af54c) , Jun 07, 2024
Front End Users (CVE-2023-33322) , Jun 07, 2024
Front End Users (CVE-2023-34005) , Jun 07, 2024
Front End Users (CVE-2025-26877) , Feb 26, 2025
Front End Users (CVE-2024-13563) , Feb 18, 2025
New vulnerability
Clinked Client Portal (CVE-2025-32615) , Apr 17, 2025
Kadence WooCommerce Email Designer (CVE-2025-39557) , Apr 17, 2025
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag &amp; Drop WP Form Builder (CVE-2025-3615) , Apr 17, 2025
Doppler Forms (CVE-2025-32620) , Apr 17, 2025
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log (CVE-2025-39544) , Apr 17, 2025