CVE-2024-12410

4.9 MEDIUM

SQL Injection

📋 TL;DR

This SQL injection vulnerability in the Front End Users WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through the 'UserSearchField' parameter. Attackers can extract sensitive information from the database, including user credentials and other confidential data. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:

• Front End Users WordPress plugin

Versions: All versions up to and including 3.2.32

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Any WordPress installation with the vulnerable plugin enabled is affected regardless of configuration.

📦 What is this software?

Front End Users by Etoilewebdesign

View all CVEs affecting Front End Users →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to credential theft, data exfiltration, and potential privilege escalation or site takeover.

🟠

Likely Case

Extraction of sensitive user data including usernames, email addresses, and potentially hashed passwords from the WordPress database.

🟢

If Mitigated

Limited information disclosure if database permissions are properly restricted and sensitive data is encrypted.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are commonly weaponized, and unauthenticated access makes this particularly dangerous.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.33 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L55

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins. 3. Find 'Front End Users' plugin. 4. Click 'Update Now' if available. 5. If no update available, deactivate and delete the plugin, then install the latest version from WordPress repository.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable the vulnerable plugin until patched version is available

Copy

wp plugin deactivate front-end-only-users

Web Application Firewall Rule

all

Block SQL injection attempts targeting the UserSearchField parameter

🧯 If You Can't Patch

• Implement a web application firewall (WAF) with SQL injection protection rules
• Restrict database user permissions to minimize potential damage from successful exploitation

🔍 How to Verify

Check if Vulnerable:

Copy

Check plugin version in WordPress admin panel under Plugins > Installed Plugins

Check Version:

Copy

wp plugin list --name=front-end-only-users --field=version

Verify Fix Applied:

Copy

Verify plugin version is 3.2.33 or higher after update

📡 Detection & Monitoring

Log Indicators:

• Unusual SQL queries in database logs
• Multiple failed login attempts from single IP
• Requests with suspicious UserSearchField parameters

Network Indicators:

• HTTP POST requests containing SQL keywords in UserSearchField parameter
• Unusual database connection patterns

SIEM Query:

Copy

source="web_server" AND ("UserSearchField" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "UPDATE"))

📊 Metadata

CVE ID: CVE-2024-12410

CVSS v3 Score: 4.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-89

EPSS Score: 0.3% exploit probability (52.8th percentile)

Published: April 2, 2025

Last Updated: August 12, 2025

🔗 References

• https://plugins.trac.wordpress.org/browser/front-end-only-users/trunk/html/UsersPage.php#L55 Product
• https://www.wordfence.com/threat-intel/vulnerabilities/id/975ddadd-12f8-4ace-9c1a-489114a2da6a?source=cve Third Party Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12410, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)

CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)

CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)