Lucene search
WPScanCVELIST:CVE-2021-25076HistoryJan 24, 2022 - 8:01 a.m.
CVE-2021-25076 WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
2022-01-2408:01:24
CWE-89
WPScan
www.cve.org
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
CNA Affected
[
{
"product": "WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.5.26",
"status": "affected",
"version": "3.5.26",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site scripting
2022-01-24 08:15:00
nvd
nvd
CVE-2021-25076
2022-01-24 08:15:09
zdt
zdt
cve
cve
CVE-2021-25076
2022-01-24 08:15:09
patchstack
patchstack
cnvd
cnvd
WordPress WP User Frontend plugin SQL injection vulnerability
2022-01-26 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Wedevs Wp User Frontend
2022-06-04 21:22:10
wpexploit
wpexploit
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
2021-12-27 00:00:00
wpvulndb
wpvulndb
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
2021-12-27 00:00:00
packetstorm
packetstorm
WordPress WP User Frontend 3.5.25 SQL Injection
2022-02-21 00:00:00
exploitdb
exploitdb
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
2022-02-21 00:00:00