WordPress Plugin Vulnerabilities

Front End Users < 3.2.25 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions.

Affects Plugins

Plugin icon
front-end-only-users
Fixed in 3.2.25

References

CVE
CVE-2023-34005

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
c0e0f448-54b8-4995-8515-762a414f5452

Timeline

Publicly Published
2023-07-17 (about 2 years ago)
Added
2023-07-17 (about 2 years ago)
Last Updated
2023-07-17 (about 2 years ago)

Other

Published
Title
Published
2025-03-24
Title
AdSense Privacy Policy <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-04-05
Title
Generate Child Theme < 2.0.1 - Cross-Site Request Forgery via process_create_form()
Published
2025-04-16
Title
WP Tools < 5.19 - Cross-Site Request Forgery to Arbitrary File Renaming
Published
2019-05-16
Title
SAML SP SSO < 4.8.74 - Multiple Cross-Site Request Forgery (CSRF)
Published
2025-01-31
Title
Forge – Front-End Page Builder <= 1.4.6 - Cross-Site Request Forgery to Stored Cross-site Scripting