Front End Users

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Front End Users

Information

Software Type Plugin
Software Slug front-end-only-users (view on wordpress.org)
Software Status Removed
Software Author rustaurius
Software Website www.etoilewebdesign.com
Software Downloads 226,812
Software Active Installs 600
Software Record Last Updated April 2, 2025

9 Vulnerabilities

Submit a Vulnerability
Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
9.8
CVE-2025-2005
Apr 1, 2025
Researcher: Kishan Vyas
Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection
4.9
CVE-2024-12410
Apr 1, 2025
Researcher: Colin Xu
Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-26877
Feb 22, 2025
Researcher: zaim
Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode
6.4
CVE-2024-13563
Feb 14, 2025
Researcher: zaim
Front End Users <= 3.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2024-7606
Aug 28, 2024
Researcher: Peter Thaleikis
Front End Users <= 3.2.28 - Authenticated (Contributor+) Time-Based SQL Injection
8.8
CVE-2024-7607
Aug 28, 2024
Researcher: Peter Thaleikis
Front End Users <= 3.2.24 - Reflected Cross-Site Scripting
6.1
CVE-2023-33322
May 22, 2023
Researcher: thiennv
Front End Users <= 3.2.24 - Cross-Site Request Forgery
4.3
CVE-2023-34005
Apr 7, 2023
Researcher: thiennv
Front End Users <= 3.2.24 - Missing Authorization to Unauthenticated Registered User Deletion
6.5
CVE ID Unknown
Apr 7, 2023
Researchers:
Title Status CVE ID CVSS Researchers Date
Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload Unpatched CVE-2025-2005 9.8 Kishan Vyas April 1, 2025
Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection Unpatched CVE-2024-12410 4.9 Colin Xu April 1, 2025
Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2025-26877 6.4 zaim February 22, 2025
Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode Patched CVE-2024-13563 6.4 zaim February 14, 2025
Front End Users <= 3.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2024-7606 6.4 Peter Thaleikis August 28, 2024
Front End Users <= 3.2.28 - Authenticated (Contributor+) Time-Based SQL Injection Patched CVE-2024-7607 8.8 Peter Thaleikis August 28, 2024
Front End Users <= 3.2.24 - Reflected Cross-Site Scripting Patched CVE-2023-33322 6.1 thiennv May 22, 2023
Front End Users <= 3.2.24 - Cross-Site Request Forgery Patched CVE-2023-34005 4.3 thiennv April 7, 2023
Front End Users <= 3.2.24 - Missing Authorization to Unauthenticated Registered User Deletion Patched 6.5 April 7, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.