CVE-2024-2931
WPFront User Role Editor <= 3.2.1.11184 - Limited Information Exposure
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site.
| CWE | CWE-200 |
| Vendor | syammohanm |
| Product | wpfront user role editor |
| Published | Apr 2, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for syammohanm wpfront user role editor
Be the first to know when new medium vulnerabilities affecting syammohanm wpfront user role editor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
syammohanm / WPFront User Role Editor
0 โค 3.2.1.11184
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/078a0647-fc3a-436c-bf00-8776b16e66ff?source=cve inky-knuckle-2c2.notion.site: https://inky-knuckle-2c2.notion.site/WPFront-User-Role-Editor-Information-disclosure-7435b8340a004f5f8485cad375326b2c plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3061241/wpfront-user-role-editor/trunk/includes/users/class-assign-migrate.php
Credits
AmrAwad