CVE-2024-12410

CVSS 3.1 Score 4.9 of 10 (medium)

Attack Complexity low
Confidentiality high
Privileges Required high
Integrity none
Availability none
Scope unchanged

Details

Published Apr 2, 2025
CWE ID 89

Summary

CVE-2024-12410 is a vulnerability affecting the Front End Users plugin for WordPress. The issue lies in the 'UserSearchField' parameter, which does not undergo sufficient escaping, allowing unauthenticated attackers to inject additional SQL queries. This can result in the extraction of sensitive data from the database. Versions up to, and including, 3.2.32 are affected.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share