Lucene search
China National Vulnerability DatabaseCNVD-2022-19829HistoryJan 26, 2022 - 12:00 a.m.
WordPress WP User Frontend plugin SQL injection vulnerability
2022-01-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
20
0.005 Low
EPSS
Percentile
77.2%
WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. SQL injection vulnerability exists in versions of the WordPress plugin WP User Frontend prior to 3.5.26, which stems from the fact that the WP User Frontend WordPress plugin uses the following SQL statement in the subscription server dashboard The status parameter is not validated and escaped before it is used in the subscription server dashboard. An attacker could exploit this vulnerability to execute illegal SQL commands.
| CPE | Name | Operator | Version |
|---|---|---|---|
| WordPress1 WP User Frontend Plugin | lt | 3.5.26 |
Related
nvd
nvd
CVE-2021-25076
2022-01-24 08:15:09
zdt
zdt
prion
prion
Cross site scripting
2022-01-24 08:15:00
cve
cve
CVE-2021-25076
2022-01-24 08:15:09
patchstack
patchstack
wpexploit
wpexploit
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
2021-12-27 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Wedevs Wp User Frontend
2022-06-04 21:22:10
wpvulndb
wpvulndb
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
2021-12-27 00:00:00
cvelist
cvelist
packetstorm
packetstorm
WordPress WP User Frontend 3.5.25 SQL Injection
2022-02-21 00:00:00
exploitdb
exploitdb
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
2022-02-21 00:00:00