Wp Frontend Profile
Monthly
Missing authorization in Glowlogix WP Frontend Profile plugin through version 1.3.9 allows unauthenticated remote attackers to bypass access controls and access restricted user profile information, resulting in limited information disclosure. The vulnerability stems from incorrectly configured access control security levels in the plugin's frontend profile functionality. While CVSS is rated 5.3 (medium) and EPSS probability is very low at 0.02%, CISA SSVC assessment indicates exploitation is automatable, elevating real-world risk for affected WordPress installations running this plugin.
Missing authorization in Glowlogix WP Frontend Profile plugin through version 1.3.9 allows unauthenticated remote attackers to bypass access controls and access restricted user profile information, resulting in limited information disclosure. The vulnerability stems from incorrectly configured access control security levels in the plugin's frontend profile functionality. While CVSS is rated 5.3 (medium) and EPSS probability is very low at 0.02%, CISA SSVC assessment indicates exploitation is automatable, elevating real-world risk for affected WordPress installations running this plugin.