Description
WordPress Plugin WP Frontend Profile is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin WP Frontend Profile version 1.2.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.2 or latest
References
https://github.com/glowlogix/wp-frontend-profile/issues/52
https://github.com/glowlogix/wp-frontend-profile/blob/master/CHANGELOG.md
Related Vulnerabilities
Oracle JRE CVE-2013-2425 Vulnerability (CVE-2013-2425)
WordPress Plugin Side Menu Lite-add sticky fixed buttons SQL Injection (2.2.5)
WordPress Plugin Restaurant Reservations Privilege Escalation (1.3)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.27)
WordPress Plugin Social Networking & E-commerce Arbitrary File Upload (0.0.32)