CVE-2024-12410
CVSS 3.1 Score 4.9 of 10 (medium)
Attack Complexity low
Confidentiality high
Privileges Required high
Integrity none
Availability none
Scope unchanged
Details
Published Apr 2, 2025
CWE ID 89
Summary
CVE-2024-12410 is a vulnerability affecting the Front End Users plugin for WordPress. The issue lies in the 'UserSearchField' parameter, which does not undergo sufficient escaping, allowing unauthenticated attackers to inject additional SQL queries. This can result in the extraction of sensitive data from the database. Versions up to, and including, 3.2.32 are affected.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.