Etoilewebdesign Front_end_users
10 CVEs affecting Etoilewebdesign Front_end_users. Latest disclosed: 2025-05-15. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-2005 | Critical | 9.8 | 2025-04-02 | The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registrat… |
| CVE-2024-7607 | High | 8.8 | 2024-08-29 | The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due t… |
| CVE-2024-13569 | High | 7.1 | 2025-04-22 | The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cros… |
| CVE-2023-33322 | High | 7.1 | 2024-03-26 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS. Th… |
| CVE-2025-26877 | Medium | 6.5 | 2025-02-25 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users front-end-only-users allows St… |
| CVE-2023-34005 | Medium | 6.5 | 2023-07-17 | Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions. |
| CVE-2024-13563 | Medium | 6.4 | 2025-02-15 | The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and inc… |
| CVE-2024-7606 | Medium | 6.4 | 2024-08-29 | The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and inclu… |
| CVE-2025-47580 | Medium | 5.4 | 2025-05-15 | Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels… |
| CVE-2024-12410 | Medium | 4.9 | 2025-04-02 | The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to… |