CVE-2026-1644 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing non…
Medium CVSS: 4.3

CVE-2026-1644

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' function. This makes it possible for unauthenticated attackers to approve or reject user account registrations via a forged request granted they can trick an administrator into performing an action such as clicking on a link.
Vendor
-
Product
-
CWE
CWE-352
Yayın Tarihi
2026-03-07 00:16:13
Güncelleme
2026-03-09 13:35:34
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-352 MEDIUM 2026

Referanslar

https://plugins.trac.wordpress.org/browser/wp-front-end-profile/tags/1.3.8/functions/wpfep-functions.php#L987 https://plugins.trac.wordpress.org/browser/wp-front-end-profile/trunk/functions/wpfep-functions.php#L987 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3466608%40wp-front-end-profile&new=3466608%40wp-front-end-profile&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/74b186fd-5825-4a20-829b-6b8a5ddbe853?source=cve