CVE-2025-2005
Published 2025-04-02
Priority P277 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 17.79% (96.8th percentile)
The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| etoilewebdesign | front_end_users | <= 3.2.32 | — |
| rustaurius | front_end_users | <= 3.2.32 | — |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cisa · 9.8 · CRITICAL
GHSA
GHSA-w6ff-xghx-7936: The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the
ghsa_unreviewed·2025-04-02
CVE-2025-2005 [CRITICAL] CWE-434 GHSA-w6ff-xghx-7936: The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the
CISA
Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
cisa·2025-04-08·CVSS 9.8
CVE-2025-30406 [CRITICAL] CWE-321 Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
Vulnerability: Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
Affected: Gladinet CentreStack
Gladinet CentreStack and Triofox contain a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf ; https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/secu
Citrix
Citrix Security Bulletin CTX107705
vendor_citrix·CVSS 7.5
CVE-2005-3134 [HIGH] Citrix Security Bulletin CTX107705
CVE References: CVE-2005-3134, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX105574
vendor_citrix·CVSS 7.5
CVE-2005-0821 [HIGH] Citrix Security Bulletin CTX105574
CVE References: CVE-2005-0821, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX105762
vendor_citrix·CVSS 2.1
CVE-2005-0822 [LOW] Citrix Security Bulletin CTX105762
CVE References: CVE-2005-0822, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX108208
vendor_citrix·CVSS 4.3
CVE-2005-3971 [MEDIUM] Citrix Security Bulletin CTX108208
CVE References: CVE-2005-3971, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX108108
vendor_citrix·CVSS 2.1
CVE-2005-4412 [LOW] Citrix Security Bulletin CTX108108
CVE References: CVE-2005-4412, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX108354
vendor_citrix·CVSS 7.5
CVE-2005-3652 [HIGH] Citrix Security Bulletin CTX108354
CVE References: CVE-2005-3652, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-02
Published