CVE-2026-5127

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1 This is due to insufficient input validation and type checking on the wpuffiles...

EUVD-2026-28538

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1 This is due to insufficient input validation and type checking on the wpuffiles...

CVE-2026-5127

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1 This is due to insufficient input validation and type checking on the wpuffiles...

CVE-2026-5127

The CVE-2026-5127 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration.” Affected versions up to 4.3.1 are vulnerable to Deserialization of Untrusted Data via the wpuf_files parameter during form submission, combi...

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Sajjad Haqi in WordPress Plugin WP User Frontend versions = 4.3.1...

CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Advisory ROSA-SA-2026-3252

software: grafana 12.1.8 WASP: ROSA-CHROME unaffected versions = grafana-12.1.8-1 affected versions 3s, timeout and permanently block on sending to an unbuffered channel, resulting in linear growth of goroutines and memory exhaustion. CVE-STATUS: The vulnerability has been resolved CVE-REV: To...

WordPress plugin User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-25537

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draft post function in all versions up to, and including, 4.2.8. This makes it...

PT-2026-22174

Name of the Vulnerable Software and Affected Versions User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration versions prior to 4.2.9 Description The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration...

PT-2026-20274

Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite plugin for WordPress versions through 1.2.7 Description The software contains a flaw that allows redirection to potentially malicious sites. This occurs because of inadequate validation of the requested pa...

CVE-2026-22638

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

CVE-2026-22638

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2026-22638

...

WordPress WP User Frontend plugin <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by shark3y in WordPress Plugin WP User Frontend versions = 4.2.4...

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-1040

Name of the Vulnerable Software and Affected Versions WP User Frontend plugin for WordPress versions up to and including 4.2.4 Description The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress has an...