CVE-2026-1644 - WP Frontend Profile <= 1.3.8 - cross-site request forgery to unauthorized user ac...

CVE ID :CVE-2026-1644 Published : March 7, 2026, 12:16 a.m. | 1 hour, 9 minutes ago Description :The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' function. This makes it possible for unauthenticated attackers to approve or reject user account registrations via a forged request granted they can trick an administrator into performing an action such as clicking on a link. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...