Skip to main content

Wp Frontend Profile

1 CVEs product

Monthly

CVE-2026-39688 MEDIUM This Month

Missing authorization in Glowlogix WP Frontend Profile plugin through version 1.3.9 allows unauthenticated remote attackers to bypass access controls and access restricted user profile information, resulting in limited information disclosure. The vulnerability stems from incorrectly configured access control security levels in the plugin's frontend profile functionality. While CVSS is rated 5.3 (medium) and EPSS probability is very low at 0.02%, CISA SSVC assessment indicates exploitation is automatable, elevating real-world risk for affected WordPress installations running this plugin.

Authentication Bypass Wp Frontend Profile
NVD
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in Glowlogix WP Frontend Profile plugin through version 1.3.9 allows unauthenticated remote attackers to bypass access controls and access restricted user profile information, resulting in limited information disclosure. The vulnerability stems from incorrectly configured access control security levels in the plugin's frontend profile functionality. While CVSS is rated 5.3 (medium) and EPSS probability is very low at 0.02%, CISA SSVC assessment indicates exploitation is automatable, elevating real-world risk for affected WordPress installations running this plugin.

Authentication Bypass Wp Frontend Profile
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy