WordPress Plugin Vulnerabilities

WP Frontend Profile < 1.3.2 - Unauthenticated Privilege Escalation

Description

The plugin is vulnerable to privilege, allowing unauthenticated attackers to take over arbitrary accounts on the site.

Affects Plugins

Plugin icon
wp-front-end-profile
Fixed in 1.3.2

References

CVE
CVE-2023-51483
URL
https://patchstack.com/database/vulnerability/wp-front-end-profile/wordpress-wp-frontend-profile-plugin-1-3-1-unauthenticated-privilege-escalation-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
6f3c31d3-f6d7-4baa-9f94-bdc44e301c44

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-03-13 (about 2 years ago)

Other

Published
Title
Published
2025-11-12
Title
Survey Maker < 5.1.9.5 - Missing Authorization to Unauthenticated Limited Option Update
Published
2024-05-15
Title
Tutor LMS < 2.7.1 - Missing Authorization
Published
2026-03-04
Title
e2pdf < 1.32.00 - Missing Authorization
Published
2025-04-04
Title
Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
Published
2024-06-05
Title
XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update