Etoilewebdesign Front_end_users

10 CVEs affecting Etoilewebdesign Front_end_users. Latest disclosed: 2025-05-15. Critical: 1, High: 3.

Top CVEs affecting Etoilewebdesign Front_end_users
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-2005 | Critical | 9.8 | 2025-04-02 | The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registrat… |
| CVE-2024-7607 | High | 8.8 | 2024-08-29 | The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due t… |
| CVE-2024-13569 | High | 7.1 | 2025-04-22 | The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cros… |
| CVE-2023-33322 | High | 7.1 | 2024-03-26 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS. Th… |
| CVE-2025-26877 | Medium | 6.5 | 2025-02-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users front-end-only-users allows St… |
| CVE-2023-34005 | Medium | 6.5 | 2023-07-17 | Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions. |
| CVE-2024-13563 | Medium | 6.4 | 2025-02-15 | The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and inc… |
| CVE-2024-7606 | Medium | 6.4 | 2024-08-29 | The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and inclu… |
| CVE-2025-47580 | Medium | 5.4 | 2025-05-15 | Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels… |
| CVE-2024-12410 | Medium | 4.9 | 2025-04-02 | The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to… |