cleantalk
Vulnerabilities and Security Researches

WPFront User Role Editor, CVE-2024-2931

CVE, Research URL

CVE-2024-2931

Home page URL

Security reports for WPFront User Role Editor

Application

WPFront User Role Editor

Published on
Apr 02, 2024
Research Description
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site.
Affected versions
max 4.1.0.
Status
vulnerable
Previous vulnerability researches
WPFront User Role Editor (CVE-2025-60102) , Oct 12, 2025
WPFront User Role Editor (CVE-2024-2931) , Jun 07, 2024
WPFront User Role Editor (CVE-2021-24984) , Jun 07, 2024
WPFront User Role Editor (CVE-2025-3064) , Apr 09, 2025
User Role Editor (f814ebd7f3c5283e94417912def596f19b5b9156) , Jun 06, 2024
New vulnerability
Contact Form 7 Database Addon – CFDB7 , Feb 17, 2026
GoSMTP – SMTP for WordPress , Feb 17, 2026
User Role Editor , Feb 16, 2026
Post Types Order , Feb 11, 2026
Code Snippets , Feb 09, 2026