Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-04-08
CVE-2025-3064 - Wpfront User Role Editor Plugin
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated attackers to update the default role option that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.
PLUGIN
Wpfront User Role Editor
CVE-2025-3064
Risk Score
Threat Entry
Updated 2025-08-27
CVE-2024-2931 - Wpfront User Role Editor Plugin
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site.
PLUGIN
Wpfront User Role Editor
CVE-2024-2931
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24984 - Wpfront User Role Editor Plugin
The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
PLUGIN
Wpfront User Role Editor
CVE-2021-24984
Risk Score