{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1644", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-29T18:33:42.845Z", "datePublished": "2026-03-06T23:22:59.416Z", "dateUpdated": "2026-04-08T17:01:12.868Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:01:12.868Z"}, "affected": [{"vendor": "glowlogix", "product": "WP Frontend Profile", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' function. This makes it possible for unauthenticated attackers to approve or reject user account registrations via a forged request granted they can trick an administrator into performing an action such as clicking on a link."}], "title": "WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74b186fd-5825-4a20-829b-6b8a5ddbe853?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-front-end-profile/tags/1.3.8/functions/wpfep-functions.php#L987"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-front-end-profile/trunk/functions/wpfep-functions.php#L987"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3466608%40wp-front-end-profile&new=3466608%40wp-front-end-profile&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "timeline": [{"time": "2026-03-06T11:21:23.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T19:00:30.336911Z", "id": "CVE-2026-1644", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:34:25.451Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1644", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T19:00:30.336911Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:00:31.366Z"}}], "cna": {"title": "WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection", "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "glowlogix", "product": "WP Frontend Profile", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-06T11:21:23.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74b186fd-5825-4a20-829b-6b8a5ddbe853?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-front-end-profile/tags/1.3.8/functions/wpfep-functions.php#L987"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-front-end-profile/trunk/functions/wpfep-functions.php#L987"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3466608%40wp-front-end-profile&new=3466608%40wp-front-end-profile&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' function. This makes it possible for unauthenticated attackers to approve or reject user account registrations via a forged request granted they can trick an administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:01:12.868Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1644", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:01:12.868Z", "dateReserved": "2026-01-29T18:33:42.845Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-06T23:22:59.416Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' function. This makes it possible for unauthenticated attackers to approve or reject user account registrations via a forged request granted they can trick an administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin WP Frontend Profile para WordPress es vulnerable a falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 1.3.8, inclusive. Esto se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n 'update_action'. Esto hace posible que atacantes no autenticados aprueben o rechacen registros de cuentas de usuario a trav\u00e9s de una petici\u00f3n falsificada, siempre que puedan enga\u00f1ar a un administrador para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2026-1644", "lastModified": "2026-04-22T21:27:27.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-07T00:16:13.100", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-front-end-profile/tags/1.3.8/functions/wpfep-functions.php#L987"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-front-end-profile/trunk/functions/wpfep-functions.php#L987"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3466608%40wp-front-end-profile&new=3466608%40wp-front-end-profile&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74b186fd-5825-4a20-829b-6b8a5ddbe853?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "WP Frontend Profile", "source": "cna", "vendor": "glowlogix"}, "product": "wp_frontend_profile", "vendor": "glowlogix"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T19:52:48.692626+00:00", "value": {"mitigation_remediation": ["Update the WP Frontend Profile plugin to the latest available release (\u2265\u202f1.3.9) to restore nonce validation in the update_action routine.", "Disable the account approval/rejection feature via the plugin's settings or add a temporary configuration file that blocks state changes until the plugin is patched.", "Enforce an admin\u2011only CSRF token check by adding a custom hook that validates a nonce before processing any account approval request, ensuring that only legitimate admin actions are accepted."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery allowing an unauthenticated attacker to approve or reject user account registrations by forging a request that an administrator may execute"}, "threat_synthesis": {"affected_systems": "The vulnerability affects WordPress installations that have the WP Frontend Profile plugin v1.3.8 or earlier configured. No specific WordPress core or other plugins are listed. Administrators using any of these plugin versions are susceptible.", "description_and_impact": "The WP Frontend Profile plugin for WordPress contains a CSRF vulnerability in all releases up to and including 1.3.8. The flaw stems from missing nonce validation in the 'update_action' handler, which processes account approval or rejection requests. An attacker can craft a forged request and entice an administrator into clicking a link or submitting a form, causing the targeted user account to be prematurely approved or deliberately rejected. This compromises the integrity of the user registration workflow and could be leveraged to grant unauthorized access or deny legitimate users. The weakness corresponds to CWE\u2011352. No confidential data is disclosed, but the integrity of account states is directly altered.", "risk_and_exploitability": "The CVSS v3.1 score of 4.3 indicates a moderate risk, primarily due to the limited attack scope. The EPSS score is less than 1\u202f%, suggesting low current exploitation likelihood, and the vulnerability is not identified in CISA\u2019s KEV catalog. Exploitation requires the attacker to succeed in social\u2011engineering the site administrator into executing a forged request; no local or remote code execution is possible. If an administrator follows the malicious link, the plugin will process the approval or rejection without further user input, providing a straightforward attack path. Given the modest severity, the attack remains non\u2011destructive but can lead to premature account activation which may be leveraged in subsequent attack chains."}}}}, "created": "2026-03-09T10:06:14.605449+00:00", "updated": "2026-04-15T20:00:06.617812+00:00", "vendors": ["glowlogix", "glowlogix$PRODUCT$wp_frontend_profile", "wordpress", "wordpress$PRODUCT$wordpress"]}