cleantalk
Vulnerabilities and Security Researches

Front End Users, CVE-2024-13563

CVE, Research URL

CVE-2024-13563

Home page URL

Security reports for Front End Users

Application

Front End Users

Published on
Feb 15, 2025
Research Description
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.2.31.
Status
vulnerable
Previous vulnerability researches
Front End Users (3d137d82d6524fe37c8dd356efe27e9e4e9af54c) , Jun 07, 2024
Front End Users (CVE-2023-33322) , Jun 07, 2024
Front End Users (CVE-2023-34005) , Jun 07, 2024
Front End Users (CVE-2025-26877) , Feb 26, 2025
Front End Users (CVE-2024-13563) , Feb 18, 2025
New vulnerability
Logo Carousel Slider (CVE-2025-39525) , Apr 17, 2025
Clinked Client Portal (CVE-2025-32615) , Apr 17, 2025
Kadence WooCommerce Email Designer (CVE-2025-39557) , Apr 17, 2025
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2025-3615) , Apr 17, 2025
Doppler Forms (CVE-2025-32620) , Apr 17, 2025