The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
2025-04-22T06:15:44.120
2025-05-07T19:28:20.447
Analyzed
CVSSv3.1: 7.1 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | etoilewebdesign | front_end_users | ≤ 3.2.32 | Yes |