Wpfront CVE - OpenCVE

Filtered by vendor Wpfront Subscribe

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2024-2931	1 Wpfront	1 Wpfront User Role Editor	2025-03-17	N/A	4.3 MEDIUM
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site.
CVE-2021-24984	1 Wpfront	1 Wpfront User Role Editor	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-24601	1 Wpfront	1 Wpfront Notification Bar	2024-11-21	3.5 LOW	5.4 MEDIUM
The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-24564	1 Wpfront	1 Scroll Top	2024-11-21	3.5 LOW	5.4 MEDIUM
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
CVE-2021-24518	1 Wpfront	1 Notification Bar	2024-11-21	3.5 LOW	4.8 MEDIUM
The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue

Vulnerabilities (CVE)