CVE-2024-12410

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Apr 2, 2025
CWE ID 89

Summary

CVE-2024-12410 is a vulnerability affecting the Front End Users plugin for WordPress. The issue lies in the 'UserSearchField' parameter, which does not undergo sufficient escaping, allowing unauthenticated attackers to inject additional SQL queries. This can result in the extraction of sensitive data from the database. Versions up to, and including, 3.2.32 are affected.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share