| CVE-2026-27679 | Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures) | SAP_SE | SAP S/4HANA Frontend OData Service (Manage Reference Structures) | Medium | 6.5 | 2026-04-14 00:07:45 | Deep Dive |
| CVE-2026-39688 | WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability | Glowlogix | WP Frontend Profile | - | - | 2026-04-08 08:30:44 | Deep Dive |
| CVE-2026-3477 | PZ Frontend Manager <= 1.0.6 - Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter | projectzealous01 | PZ Frontend Manager | Medium | 5.3 | 2026-04-08 06:43:41 | Deep Dive |
| CVE-2026-4896 | WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation | wclovers | WCFM – Frontend Manager for WooCommerce | High | 8.1 | 2026-04-04 07:42:00 | Deep Dive |
| CVE-2026-3328 | Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts | shabti | Frontend Admin by DynamiApps | High | 7.2 | 2026-03-26 02:25:20 | Deep Dive |
| CVE-2026-32485 | WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability | weDevs | WP User Frontend | Medium | - | 2026-03-25 16:14:58 | Deep Dive |
| CVE-2026-24364 | WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability | weDevs | WP User Frontend | Medium | 6.5 | 2026-03-25 16:14:32 | Deep Dive |
| CVE-2026-2233 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter | wedevs | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | Medium | 5.3 | 2026-03-15 02:19:15 | Deep Dive |
| CVE-2026-1867 | WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure | Unknown | Guest posting / Frontend Posting / Front Editor | - | - | 2026-03-11 06:00:09 | Deep Dive |
| CVE-2026-1644 | WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection | glowlogix | WP Frontend Profile | Medium | 4.3 | 2026-03-06 23:22:59 | Deep Dive |
| CVE-2026-28126 | WordPress RH Frontend Publishing Pro plugin < 4.3.4 - Cross Site Scripting (XSS) vulnerability | sizam | RH Frontend Publishing Pro | Medium | - | 2026-03-05 05:54:30 | Deep Dive |
| CVE-2026-1565 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload | wedevs | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | High | 8.8 | 2026-02-26 19:23:10 | Deep Dive |
| CVE-2026-25005 | WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability | N-Media | Frontend File Manager | - | - | 2026-02-19 08:26:52 | Deep Dive |
| CVE-2026-1296 | Frontend Post Submission Manager Lite <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 6.1 | 2026-02-18 04:35:44 | Deep Dive |
| CVE-2025-12071 | Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification | absikandar | Frontend User Notes | Medium | 4.3 | 2026-02-18 04:35:43 | Deep Dive |
| CVE-2026-0829 | Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending | Unknown | Frontend File Manager Plugin | - | - | 2026-02-17 06:00:07 | Deep Dive |
| CVE-2026-0845 | WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update | wclovers | WCFM – Frontend Manager for WooCommerce | High | 7.2 | 2026-02-09 23:23:28 | Deep Dive |
| CVE-2026-1280 | Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter | nmedia | Frontend File Manager Plugin | High | 7.5 | 2026-01-28 11:23:41 | Deep Dive |
| CVE-2025-68904 | WordPress JNews - Frontend Submit plugin <= 11.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | jegtheme | JNews - Frontend Submit | - | - | 2026-01-22 16:52:13 | Deep Dive |
| CVE-2025-14741 | Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element | shabti | Frontend Admin by DynamiApps | Critical | 9.1 | 2026-01-09 07:22:11 | Deep Dive |