CVE-2024-2931

EPSS 0.27%
Veröffentlicht 02.04.2024 09:15:07
Zuletzt bearbeitet 27.08.2025 21:15:45
Quelle security@wordfence.com
Teams Watchlist Login
Unerledigt Login

The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpfront ≫ Wpfront User Role Editor SwPlatformwordpress Version < 4.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.502

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@wordfence.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

https://inky-knuckle-2c2.notion.site/WPFront-User-Role-Editor-Information-disclosure-7435b8340a004f5f8485cad375326b2c

Product

https://plugins.trac.wordpress.org/changeset/3061241/wpfront-user-role-editor/trunk/includes/users/class-assign-migrate.php

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/078a0647-fc3a-436c-bf00-8776b16e66ff?source=cve

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-2931

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2931

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2931

EUVD