Description
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through <= 3.2.35.
Published: 2025-05-15
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a missing authorization flaw that allows an attacker to access data that should be restricted to authorized users. The flaw is classified as CWE‑862 (Missing Authorization). If exploited, it could lead to the disclosure of sensitive user information and compromise the confidentiality of the application content.

Affected Systems

The affected product is the Rustaurius Front End Users plugin for WordPress. All released versions up to and including 3.2.35 are vulnerable; newer releases are not mentioned as affected.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity, and the EPSS score of <1% suggests a low probability of exploitation as of the latest assessment. It is not listed in CISA’s KEV catalog. The likely attack vector is the website’s front‑end, where any visitor can request restricted pages or data. No special privileges or additional authentication is required to exploit the broken access controls, making the vulnerability easily usable by unauthenticated actors.

Generated by OpenCVE AI on April 30, 2026 at 13:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Rustaurius Front End Users plugin to a version newer than 3.2.35 or to the latest available release that addresses the missing authorization flaw.
  • If an update is not available or feasible, disable or uninstall the plugin entirely to eliminate the risk path.
  • After updating or disabling the plugin, verify that any remaining front‑end user features enforce proper role‑based access controls so that only authorized user roles can view restricted content.

Generated by OpenCVE AI on April 30, 2026 at 13:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-15186 Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through 3.2.32.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through 3.2.32. Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through <= 3.2.35.
Title WordPress Front End Users plugin <= 3.2.32 - Sensitive Data Exposure vulnerability WordPress Front End Users plugin <= 3.2.35 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 12 Aug 2025 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Etoilewebdesign
Etoilewebdesign front End Users
CPEs cpe:2.3:a:etoilewebdesign:front_end_users:*:*:*:*:*:wordpress:*:*
Vendors & Products Etoilewebdesign
Etoilewebdesign front End Users

Thu, 15 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 15 May 2025 17:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through 3.2.32.
Title WordPress Front End Users plugin <= 3.2.32 - Sensitive Data Exposure vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Etoilewebdesign Front End Users
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:45.850Z

Reserved: 2025-05-07T09:55:31.577Z

Link: CVE-2025-47580

cve-icon Vulnrichment

Updated: 2025-05-15T18:16:25.665Z

cve-icon NVD

Status : Modified

Published: 2025-05-15T17:15:55.553

Modified: 2026-04-23T15:30:32.360

Link: CVE-2025-47580

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T13:15:37Z

Weaknesses