Front End Users Security & Risk Analysis

wordpress.org/plugins/front-end-only-users

A customizable front end user management plugin for membership sites. Use shortcodes for registration, login, restricting access, membership fees, etc.

400 active installs · v3.2.35 · PHP + WP 3.9+ · Updated Dec 2, 2025
Tags: front-end-user, front-end-users, frontend-user
Score: 42 · D · High Risk
CVEs total: 13
Unpatched: 2
Last CVE: Oct 16, 2025
Safety Verdict

Is Front End Users Safe to Use in 2026?

High Risk

Score 42/100

Front End Users carries significant security risk with 13 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

13 known CVEs · 2 unpatched · Last CVE: Oct 16, 2025 · Updated 5mo ago
Risk Assessment

The 'front-end-only-users' v3.2.35 plugin exhibits a concerning security posture. While it shows strengths in SQL query preparedness and output escaping, these are overshadowed by significant vulnerabilities. The substantial number of unprotected AJAX handlers, coupled with critical taint flows, presents a direct avenue for attackers. Furthermore, the plugin's history of 13 known CVEs, including unpatched critical and high-severity issues, indicates a pattern of recurring security weaknesses.

The code analysis reveals a large attack surface with 10 out of 11 AJAX handlers lacking authentication, and a concerning 26 high-severity taint flows with unsanitized paths. The presence of dangerous functions like 'unserialize' and 'passthru' further amplifies the risk. The vulnerability history, with common types including Missing Authorization and SQL Injection, strongly suggests a lack of robust security practices during development and maintenance.

In conclusion, while some good practices are observed, the plugin's numerous unprotected entry points, critical taint flows, and a history of severe unpatched vulnerabilities make it a high-risk component. Immediate attention is required to address the unpatched CVEs and the identified code weaknesses to mitigate potential security breaches.

Key Concerns

  • Unpatched Critical CVE
  • Unpatched High Severity CVE
  • Critical Taint Flows
  • High Severity Taint Flows
  • AJAX Handlers without Auth
  • Dangerous functions: unserialize, passthru
  • Missing Authorization vulnerability history
  • Unrestricted Upload vulnerability history
  • SQL Injection vulnerability history
  • XSS vulnerability history
  • CSRF vulnerability history
  • Bundled libraries: TinyMCE
Vulnerabilities
13 published

Front End Users Security Vulnerabilities

CVEs by Year

2023: 3 CVEs
2024: 2 CVEs
2025: 8 CVEs (includes unpatched)

Severity Breakdown

Critical: 1
High: 1
Medium: 11

13 total CVEs

CVE-2025-62072 · medium · 4.3 · Missing Authorization
Front End Users <= 3.2.33 - Missing Authorization
Oct 16, 2025 · Patched in 3.2.34 (8d)

CVE-2025-58235 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Front End Users <= 3.2.33 - Authenticated (Contributor+) Stored Cross-Site Scripting
Sep 22, 2025 · Unpatched

CVE-2025-47580 · medium · 5.3 · Missing Authorization
Front End Users <= 3.2.32 - Missing Authorization to Information Exposure
May 15, 2025 · Unpatched

CVE-2025-2005 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type
Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
Apr 1, 2025 · Patched in 3.2.33 (218d)

CVE-2024-12410 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection
Apr 1, 2025 · Patched in 3.2.33 (218d)

CVE-2024-13569 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Front End Users <= 3.2.32 - Reflected Cross-Site Scripting
Apr 1, 2025 · Patched in 3.2.33 (219d)

CVE-2025-26877 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
Feb 22, 2025 · Patched in 3.2.31 (10d)

CVE-2024-13563 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode
Feb 14, 2025 · Patched in 3.2.31 (1d)

CVE-2024-7606 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Front End Users <= 3.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Aug 28, 2024 · Patched in 3.2.29 (1d)

CVE-2024-7607 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Front End Users <= 3.2.28 - Authenticated (Contributor+) Time-Based SQL Injection
Aug 28, 2024 · Patched in 3.2.29 (1d)

CVE-2023-33322 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Front End Users <= 3.2.24 - Reflected Cross-Site Scripting
May 22, 2023 · Patched in 3.2.25 (376d)

Front End Users <= 3.2.24 - Missing Authorization to Unauthenticated Registered User Deletion
Apr 7, 2023 · Patched in 3.2.25 (291d)

CVE-2023-34005 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Front End Users <= 3.2.24 - Cross-Site Request Forgery
Apr 7, 2023 · Patched in 3.2.25 (291d)
Code Analysis
Analyzed Mar 16, 2026

Front End Users Code Analysis

Dangerous Functions: 8
Raw SQL Queries: 48 (325 prepared)
Unescaped Output: 119 (1789 escaped)
Nonce Checks: 17
Capability Checks: 4
File Operations: 3
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

unserialize · Functions\Update_Admin_Databases.php:455
    $Field_Level_Exclude_IDs = unserialize($Field->Level_Exclude_IDs);
unserialize · Functions\Update_Admin_Databases.php:462
    $Field_Level_Exclude_IDs = unserialize($Field->Level_Exclude_IDs);
unserialize · html\LevelDetails.php:77
    <?php $Field_Level_Exclude_IDs = @unserialize($Field->Level_Exclude_IDs); ?>
unserialize · Shortcodes\Insert_Edit_Profile.php:84
    $Field_Level_Exclude_IDs = unserialize($Field->Level_Exclude_IDs);
unserialize · Shortcodes\Insert_Register_Form.php:173
    $Field_Level_Exclude_IDs = unserialize(strval($Field->Level_Exclude_IDs));
passthru · stripe\build.php:16
    passthru('composer install', $returnStatus);
passthru · stripe\build.php:23
    passthru(
passthru · stripe\build.php:33
    passthru("./vendor/bin/phpunit -c $config", $returnStatus);

Bundled Libraries

TinyMCE

SQL Query Safety

87% prepared · 373 total queries

Output Escaping

94% escaped · 1908 total outputs
Data Flows · Security
29 unsanitized

Data Flow Analysis

25 flows · 29 with unsanitized paths
EWD_FEUP_Stripe_Process_Payment (Functions\EWD_FEUP_Process_Stripe_Payment.php:2)
Attack Surface
10 unprotected

Front End Users Attack Surface

Entry Points: 26
Unprotected: 10

AJAX Handlers 11

auth · wp_ajax_ewd_feup_update_field_order · Functions\Process_Ajax.php:11
auth · wp_ajax_ewd_feup_update_levels_order · Functions\Process_Ajax.php:24
auth · wp_ajax_feup_user_event · Functions\Process_Ajax.php:57
nopriv · wp_ajax_feup_user_event · Functions\Process_Ajax.php:58
auth · wp_ajax_get_ewd_feup_levels · Functions\Process_Ajax.php:92
auth · wp_ajax_feup_send_test_email · Functions\Process_Ajax.php:109
auth · wp_ajax_feup_send_email_blast · Functions\Process_Ajax.php:134
auth · wp_ajax_ewd_feup_hide_review_ask · Functions\Process_Ajax.php:147
auth · wp_ajax_ewd_feup_send_feedback · Functions\Process_Ajax.php:169
auth · wp_ajax_ewd_feup_hide_uwpm_banner · Functions\Process_Ajax.php:179
auth · wp_ajax_feup-dismiss-wp-pointers · Functions\Process_Ajax.php:198

Shortcodes 15

[account-payment] Shortcodes\Insert_Account_Payment.php:325
[confirm-forgot-password] Shortcodes\Insert_Confirm_Forgot_Password.php:21
[account-details] Shortcodes\Insert_Edit_Account.php:21
[edit-profile] Shortcodes\Insert_Edit_Profile.php:180
[forgot-password] Shortcodes\Insert_Forgot_Password.php:18
[login] Shortcodes\Insert_Login_Form.php:18
[login-logout-toggle] Shortcodes\Insert_Login_Logout_Toggle.php:51
[logout] Shortcodes\Insert_Logout.php:18
[register] Shortcodes\Insert_Register_Form.php:18
[reset-password] Shortcodes\Insert_Reset_Password.php:78
[user-data] Shortcodes\Insert_User_Data.php:52
[user-list] Shortcodes\Insert_User_List.php:33
[user-profile] Shortcodes\Insert_User_Profile.php:83
[user-search] Shortcodes\Insert_User_Search.php:33
[restricted] Shortcodes\Privilege_Level.php:101
WordPress Hooks 58

filter · block_categories_all · blocks\ewd-feup-blocks.php:2
action · current_screen · Functions\EWD_FEUP_Deactivation_Survey.php:2
action · admin_enqueue_scripts · Functions\EWD_FEUP_Deactivation_Survey.php:5
action · admin_footer · Functions\EWD_FEUP_Deactivation_Survey.php:6
action · add_meta_boxes · Functions\EWD_FEUP_Full_Page_Restriction.php:7
action · save_post · Functions\EWD_FEUP_Full_Page_Restriction.php:81
action · edit_attachment · Functions\EWD_FEUP_Full_Page_Restriction.php:82
filter · the_content · Functions\EWD_FEUP_Full_Page_Restriction.php:126
action · init · Functions\EWD_FEUP_IPN.php:7
action · shutdown · Functions\EWD_FEUP_IPN.php:8
action · init · Functions\EWD_FEUP_Process_Stripe_Payment.php:114
action · wp · Functions\EWD_FEUP_Track_Page_Load.php:2
action · uwpm_register_custom_element_section · Functions\EWD_FEUP_UWPM_Integration.php:7
action · uwpm_register_custom_element · Functions\EWD_FEUP_UWPM_Integration.php:91
action · widgets_init · Functions\EWD_FEUP_Widgets.php:74
action · widgets_init · Functions\EWD_FEUP_Widgets.php:167
filter · woocommerce_checkout_fields · Functions\EWD_FEUP_WooCommerce_Integration.php:5
filter · wc_get_template_part · Functions\EWD_FEUP_WooCommerce_Integration.php:93
filter · woocommerce_locate_template · Functions\EWD_FEUP_WooCommerce_Integration.php:94
action · user_register · Functions\EWD_FEUP_WP_Users_Integration.php:18
action · wp_login · Functions\EWD_FEUP_WP_Users_Integration.php:24
filter · get_user_metadata · Functions\EWD_FEUP_WP_Users_Integration.php:67
action · show_user_profile · Functions\EWD_FEUP_WP_Users_Integration.php:109
action · edit_user_profile · Functions\EWD_FEUP_WP_Users_Integration.php:110
action · personal_options_update · Functions\EWD_FEUP_WP_Users_Integration.php:140
action · edit_user_profile_update · Functions\EWD_FEUP_WP_Users_Integration.php:141
action · init · Functions\Output_Buffering.php:6
action · wp_footer · Functions\Output_Buffering.php:11
filter · auth_cookie_expiration · Functions\Process_Front_End_Forms.php:146
action · admin_menu · Main.php:47
action · admin_head · Main.php:48
action · admin_init · Main.php:49
action · init · Main.php:50
action · admin_notices · Main.php:51
action · init · Main.php:61
action · after_setup_theme · Main.php:93
filter · mce_external_plugins · Main.php:109
filter · init · Main.php:111
action · wp_enqueue_scripts · Main.php:180
action · wp_head · Main.php:231
action · admin_head · Main.php:232
action · wp_enqueue_scripts · Main.php:235
filter · mce_buttons · Main.php:252
filter · mce_external_plugins · Main.php:253
action · admin_head · Main.php:254
action · admin_enqueue_scripts · Main.php:296
action · init · Main.php:322
action · activated_plugin · Main.php:330
action · admin_init · Main.php:339
action · admin_init · Main.php:342
action · init · Shortcodes\Insert_Confirm_Forgot_Password.php:23
action · init · Shortcodes\Insert_Edit_Account.php:23
action · init · Shortcodes\Insert_Forgot_Password.php:20
action · init · Shortcodes\Insert_Login_Form.php:20
action · init · Shortcodes\Insert_Logout.php:20
action · init · Shortcodes\Insert_Register_Form.php:20
action · init · Shortcodes\Insert_User_List.php:35
action · init · Shortcodes\Insert_User_Search.php:35
Maintenance & Trust

Front End Users Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version:
Downloads: 231K

Community Trust

Rating: 82/100
Number of ratings: 56
Active installs: 400
Developer Profile

Front End Users Developer Profile

Rustaurius

21 plugins · 65K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 682 days
Detection Fingerprints

How We Detect Front End Users

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/front-end-only-users/js/ewd-feup-dashboard-review-ask.js
/wp-content/plugins/front-end-only-users/js/ShortcodeHelper.js
/wp-content/plugins/front-end-only-users/js/Admin.js
/wp-content/plugins/front-end-only-users/js/sorttable.js
/wp-content/plugins/front-end-only-users/js/jquery.confirm.min.js
/wp-content/plugins/front-end-only-users/js/bootstrap.min.js
/wp-content/plugins/front-end-only-users/js/ewd-feup-check-password-strength.js
/wp-content/plugins/front-end-only-users/js/spectrum.js

Script Paths
/wp-content/plugins/front-end-only-users/js/ewd-feup-dashboard-review-ask.js
/wp-content/plugins/front-end-only-users/js/ShortcodeHelper.js
/wp-content/plugins/front-end-only-users/js/Admin.js
/wp-content/plugins/front-end-only-users/js/sorttable.js
/wp-content/plugins/front-end-only-users/js/jquery.confirm.min.js
/wp-content/plugins/front-end-only-users/js/bootstrap.min.js
+2 more

Version Parameters
front-end-only-users/js/ewd-feup-dashboard-review-ask.js?ver=
front-end-only-users/js/ShortcodeHelper.js?ver=
front-end-only-users/js/Admin.js?ver=
front-end-only-users/js/sorttable.js?ver=
front-end-only-users/js/jquery.confirm.min.js?ver=
front-end-only-users/js/bootstrap.min.js?ver=
front-end-only-users/js/ewd-feup-check-password-strength.js?ver=
front-end-only-users/js/spectrum.js?ver=

HTML / DOM Fingerprints

CSS Classes
ewd-feup-dashboard-review-ask
ewd-feup-shortcode-helper
ewd-feup-admin-js
ewd-feup-check-password-strength

Data Attributes
ewd-feup-action

JS Globals
ewd_feup_review_ask
ewd_feup_feup_field_data
ewd_feup_ajax_translations
FAQ

Frequently Asked Questions about Front End Users