VYPR

Wpfront User Role Editor

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-3064HigApr 8, 2025
    risk 0.50cvss 8.8epss 0.00

    The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated…

  • CVE-2025-60102MedSep 26, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects WPFront User Role Editor: from n/a through <= 4.2.3.

  • CVE-2021-24984MedDec 27, 2021
    risk 0.40cvss 6.1epss 0.01

    The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting

  • CVE-2024-2931MedApr 2, 2024
    risk 0.21cvss 4.3epss 0.01

    The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers,…