WP Frontend Profile Security & Risk Analysis

wordpress.org/plugins/wp-front-end-profile

WP Frontend Profile allows users to edit/view their profile and register/login without going into the dashboard to do so.

100 active installs · v1.3.9 · PHP 5.2.17+ · WP 4.0.1+ · Updated Feb 21, 2026
Tags: login, profile, register, user-meta, users
Score: 83 · B · Generally Safe
CVEs total: 5
Unpatched: 0
Last CVE: Mar 6, 2026
Safety Verdict

Is WP Frontend Profile Safe to Use in 2026?

Mostly Safe

Score 83/100

WP Frontend Profile is generally safe to use. 5 past CVEs were resolved. Keep it updated.

5 known CVEs · Last CVE: Mar 6, 2026 · Updated 1mo ago
Risk Assessment

The wp-front-end-profile plugin exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices with 100% of SQL queries using prepared statements and a high percentage of output being properly escaped, there are significant areas of concern. The taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data could be manipulated to execute unintended actions or access sensitive information. Furthermore, the plugin's history of 5 known CVEs, including 2 critical and 1 high severity, spanning various common vulnerability types like CSRF, missing authorization, XSS, and privilege management, suggests a recurring pattern of security weaknesses. Although no currently unpatched vulnerabilities are listed and recent security measures like nonce and capability checks are present, the historical trend and high-severity taint flows warrant caution. The plugin's strengths lie in its robust handling of SQL and output escaping, but the presence of unsanitized paths and a history of critical vulnerabilities present a notable risk.

Key Concerns

  • High severity unsanitized taint flows
  • History of 2 critical CVEs
  • History of 1 high CVE
  • Bundled outdated Freemius v1.0
Vulnerabilities
5

WP Frontend Profile Security Vulnerabilities

CVEs by Year

2016: 2 CVEs
2020: 1 CVE
2023: 1 CVE
2026: 1 CVE

Severity Breakdown

Critical: 2
High: 1
Medium: 2

5 total CVEs

CVE-2026-1644 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection

Mar 6, 2026 · Patched in 1.3.9 (1d)

CVE-2023-51483 · critical · 9.8 · Missing Authorization

WP Frontend Profile <= 1.3.1 - Unauthenticated Privilege Escalation

Dec 27, 2023 · Patched in 1.3.2 (147d)

WF-ab520bcb-5739-4b99-ad93-73416ab39084-wp-front-end-profile · high · 8.8 · Cross-Site Request Forgery (CSRF)

WP Frontend Profile <= 1.2.1 - Cross-Site Request Forgery

May 19, 2020 · Patched in 1.2.2 (1344d)

CVE-2019-15110 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Front End Profile <= 0.2.1 - Stored Cross-Site Scripting

Sep 14, 2016 · Patched in 0.2.2 (3192d)

CVE-2019-15111 · critical · 9.8 · Improper Privilege Management

WP Front End Profile <= 0.2.1 - Privilege Escalation

Sep 14, 2016 · Patched in 0.2.2 (3192d)
Code Analysis
Analyzed Mar 16, 2026

WP Frontend Profile Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 33 (501 escaped)
Nonce Checks: 22
Capability Checks: 19
File Operations: 2
External Requests: 4
Bundled Libraries: 2

Bundled Libraries

  • Select2
  • Freemius 1.0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

94% escaped · 534 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

10 flows · 2 with unsanitized paths
wpfep_hide_review_ask (functions\wpfep-functions.php:568)
Attack Surface

WP Frontend Profile Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 5

auth wp_ajax_wpfep_hide_review_ask functions\wpfep-functions.php:585
auth wp_ajax_wpfep_send_feedback functions\wpfep-functions.php:608
auth wp_ajax_delete_capability_permanently inc\class-wpfep-roles-editor.php:35
auth wp_ajax_update_role_capabilities inc\class-wpfep-roles-editor.php:36
auth wp_ajax_get_role_capabilities inc\class-wpfep-roles-editor.php:37

Shortcodes 4

[wpfep] functions\shortcode.php:19
[wpfep-login] inc\class-wpfep-login.php:44
[wpfep-profile] inc\class-wpfep-profile.php:43
[wpfep-register] inc\class-wpfep-registration.php:52

WordPress Hooks 78

action current_screen admin\class-wpfep-admin-help.php:20
action admin_notices admin\class-wpfep-admin-installer.php:25
action admin_init admin\class-wpfep-admin-installer.php:26
filter display_post_states admin\class-wpfep-admin-installer.php:27
action admin_menu admin\class-wpfep-admin-settings.php:51
action admin_init admin\class-wpfep-admin-settings.php:52
action admin_init admin\class-wpfep-admin-settings.php:53
action admin_enqueue_scripts admin\class-wpfep-settings-api.php:35
filter mce_external_plugins admin\class-wpfep-shortcodes-button.php:22
filter mce_buttons admin\class-wpfep-shortcodes-button.php:23
action admin_enqueue_scripts admin\class-wpfep-shortcodes-button.php:25
action admin_enqueue_scripts admin\class-wpfep-shortcodes-button.php:26
filter wpfep_fields_profile functions\default-fields.php:66
filter wpfep_fields_profile functions\default-fields.php:89
filter wpfep_fields_password functions\default-fields.php:112
action wpfep_before_tabs functions\save-fields.php:234
action wpfep_before_tabs functions\save-fields.php:373
action wp_enqueue_scripts functions\scripts.php:34
filter wpfep_tabs functions\tabs.php:36
filter wpfep_tabs functions\tabs.php:60
action wpfep_after_tab_fields functions\wpfep-functions.php:403
filter user_row_actions functions\wpfep-functions.php:926
filter manage_users_columns functions\wpfep-functions.php:945
filter manage_users_custom_column functions\wpfep-functions.php:979
action load-users.php functions\wpfep-functions.php:1033
action admin_enqueue_scripts functions\wpfep-functions.php:1044
action enqueue_block_editor_assets functions\wpfep-gutenberg-block.php:17
action plugins_loaded inc\class-wp-frontend-profile.php:49
action init inc\class-wp-frontend-profile.php:50
filter show_admin_bar inc\class-wp-frontend-profile.php:51
action admin_notices inc\class-wp-frontend-profile.php:53
action plugins_loaded inc\class-wpfep-captcha-hcaptcha.php:51
action wp_enqueue_scripts inc\class-wpfep-captcha-hcaptcha.php:54
action plugins_loaded inc\class-wpfep-captcha-recaptcha.php:59
action wp_enqueue_scripts inc\class-wpfep-captcha-recaptcha.php:63
action widgets_init inc\class-wpfep-login-widget.php:91
action init inc\class-wpfep-login.php:46
action init inc\class-wpfep-login.php:47
action init inc\class-wpfep-login.php:48
action init inc\class-wpfep-login.php:50
action init inc\class-wpfep-login.php:51
action login_form inc\class-wpfep-login.php:52
filter login_url inc\class-wpfep-login.php:55
filter logout_url inc\class-wpfep-login.php:56
filter lostpassword_url inc\class-wpfep-login.php:57
filter authenticate inc\class-wpfep-login.php:58
filter wp_login_errors inc\class-wpfep-login.php:744
action retrieve_password_key inc\class-wpfep-login.php:758
filter redirect_canonical inc\class-wpfep-login.php:795
action wpfep_profile_pagination inc\class-wpfep-profile.php:44
action init inc\class-wpfep-registration.php:53
action init inc\class-wpfep-roles-editor.php:12
action current_screen inc\class-wpfep-roles-editor.php:15
filter manage_wpfep-roles-editor_posts_columns inc\class-wpfep-roles-editor.php:18
action manage_wpfep-roles-editor_posts_custom_column inc\class-wpfep-roles-editor.php:19
action add_meta_boxes inc\class-wpfep-roles-editor.php:22
action post_submitbox_misc_actions inc\class-wpfep-roles-editor.php:25
action admin_enqueue_scripts inc\class-wpfep-roles-editor.php:28
action save_post inc\class-wpfep-roles-editor.php:31
filter wp_insert_post_data inc\class-wpfep-roles-editor.php:33
filter months_dropdown_results inc\class-wpfep-roles-editor.php:39
filter post_row_actions inc\class-wpfep-roles-editor.php:40
filter bulk_actions-edit-wpfep-roles-editor inc\class-wpfep-roles-editor.php:42
filter views_edit-wpfep-roles-editor inc\class-wpfep-roles-editor.php:43
filter enter_title_here inc\class-wpfep-roles-editor.php:45
filter post_updated_messages inc\class-wpfep-roles-editor.php:46
action before_delete_post inc\class-wpfep-roles-editor.php:47
action load-user-new.php inc\class-wpfep-roles-editor.php:50
action load-user-edit.php inc\class-wpfep-roles-editor.php:51
action user_new_form inc\class-wpfep-roles-editor.php:1228
action user_register inc\class-wpfep-roles-editor.php:1230
action personal_options inc\class-wpfep-roles-editor.php:1237
action profile_update inc\class-wpfep-roles-editor.php:1239
action admin_enqueue_scripts inc\class-wpfep-roles-editor.php:1356
action admin_footer inc\class-wpfep-roles-editor.php:1360
action admin_head inc\class-wpfep-roles-editor.php:1365
action admin_footer inc\class-wpfep-roles-editor.php:1366
filter plugin_row_meta wp-frontend-profile.php:96
Maintenance & Trust

WP Frontend Profile Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 21, 2026
PHP min version: 5.2.17
Downloads: 22K

Community Trust

Rating: 86/100
Number of ratings: 8
Active installs: 100
Developer Profile

WP Frontend Profile Developer Profile

Glowlogix

1 plugin · 100 total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 1575 days
Detection Fingerprints

How We Detect WP Frontend Profile

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-front-end-profile/assets/css/wpfep-admin-style.css
/wp-content/plugins/wp-front-end-profile/assets/js/admin.js
/wp-content/plugins/wp-front-end-profile/assets/js/settings.js
Script Paths
/wp-content/plugins/wp-front-end-profile/freemius/start.php
Version Parameters
wp-front-end-profile/assets/css/wpfep-admin-style.css?ver=
wp-front-end-profile/assets/js/admin.js?ver=
wp-front-end-profile/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpfep-admin-style
Data Attributes
data-wpfep-id
JS Globals
wfep_fs
wpfep_admin_params