Lucene search
PRIOn knowledge basePRION:CVE-2021-25076HistoryJan 24, 2022 - 8:15 a.m.
Cross site scripting
2022-01-2408:15:00
PRIOn knowledge base
www.prio-n.com
1
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp_user_frontend | lt | 3.5.26 |
Related
nvd
nvd
CVE-2021-25076
2022-01-24 08:15:09
zdt
zdt
cve
cve
CVE-2021-25076
2022-01-24 08:15:09
patchstack
patchstack
wpexploit
wpexploit
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
2021-12-27 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Wedevs Wp User Frontend
2022-06-04 21:22:10
cnvd
cnvd
WordPress WP User Frontend plugin SQL injection vulnerability
2022-01-26 00:00:00
wpvulndb
wpvulndb
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
2021-12-27 00:00:00
cvelist
cvelist
packetstorm
packetstorm
WordPress WP User Frontend 3.5.25 SQL Injection
2022-02-21 00:00:00
exploitdb
exploitdb
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
2022-02-21 00:00:00