SQL Injection (SQLi) to Reflected Cross-Site Scripting (XSS) discovered by Krzysztof Zając in WordPress WP User Frontend plugin (versions <= 3.5.25).
Update the WordPress WP User Frontend plugin to the latest available version (at least 3.5.26).
CPE | Name | Operator | Version |
---|---|---|---|
wp user frontend | le | 3.5.25 |