CVE-2025-2005

Name of the Vulnerable Software and Affected Versions Front End Users plugin for WordPress versions up to, and including, 3.2.32

Description The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations For versions up to, and including, 3.2.32, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the file uploads field in the registration form until a patch is available. Restrict access to the registration form to minimize the risk of exploitation. Avoid using the file uploads feature in the affected plugin until the issue is resolved.