17 Oct 2017

Vulnerability Details: Persistent Cross-Site Scripting (XSS) Vulnerability in Front-End Only Users

One of the misconceptions we see out there when it comes to the security of plugins is people believing that because a plugin is created by a company as opposed to an individual, or because there is a paid element to it, it will be more secure. That clearly hasn’t been the case with the company Etoile Web Design, which hasn’t fixed multiple vulnerabilities we have reported to them (some of which we discovered and others publicly disclosed by someone else). So it wasn’t really surprising that, during our monitoring of the WordPress Support Forum, we came across a thread about Daniele Scasciafratte noticing a vulnerability in their Front-End Only Users plugin due to it having been exploited on the plugin’s demo site:

...

This post provides insights on a vulnerability in the WordPress plugin Front-End Only Users that was not discovered by us, and for which the discoverer hadn't provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the rest of its contents are limited to subscribers of our service.

If you were using our service, you would have already been warned about this vulnerability if your website is vulnerable due to it. You can try out our service for free and then see the rest of the details of the vulnerability.

For existing customers, please log in to your account to view the rest of the contents of the post.
