CVE-2024-2931
Last modified
CVE-2024-2931 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site.. EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wpfront | Wpfront User Role Editor | < 4.1.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-2931?
How severe is CVE-2024-2931?
How do I fix CVE-2024-2931?
Are you affected by CVE-2024-2931?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST