141 matches found
WP User Frontend < 3.5.29 - Obscure Registration as Admin
The plugin uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via an arbitrary file access issue for...
WordPress WP User Frontend 3.5.25 SQL Injection
Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Date 20.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE:...
WordPress WP User Frontend 3.5.25 Plugin - SQL injection (Authenticated) Exploit
Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE: CVE-2021-25076 CWE...
WordPress WP User Frontend plugin SQL injection vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. SQL injection vulnerability exists in versions of the WordPress plugin WP User Frontend prior to 3.5.26, which...
CVE-2021-25076
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...
Cross site scripting
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...
CVE-2021-25076 WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...
CVE-2021-25076
The CVE-2021-25076 issue affects the WP User Frontend WordPress plugin
WordPress plugin SQL注入漏洞
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. SQL injection vulnerability exists in versions of the WordPress plugin WP User Frontend prior to 3.5.26, which...
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
The plugin does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...
WordPress WP User Frontend plugin <= 3.5.25 - SQL Injection (SQLi) to Reflected Cross-Site Scripting (XSS)
SQL Injection SQLi to Reflected Cross-Site Scripting XSS discovered by Krzysztof Zając in WordPress WP User Frontend plugin versions = 3.5.25. Solution Update the WordPress WP User Frontend plugin to the latest available version at least 3.5.26...
WordPress WP User Frontend plugin <= 3.5.23 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered in WordPress WP User Frontend plugin versions = 3.5.23. Solution Update the WordPress WP User Frontend plugin to the latest available version at least 3.5.25...
WP User Frontend < 3.5.25 - Admin+ SQL Injection
The plugin does not validate and escape the postid parameter from the Subscribers list before using in a SQL statement, leading to an SQL injection PoC https://example.com/wp-admin/edit.php?posttype=wpufsubscription=wpufsubscribersID=1+AND+%28SELECT+42+FROM+%28SELECT%28SLEEP%285%29%29%29b%29...
WP User Frontend < 3.5.25 - Admin+ SQL Injection
The plugin does not validate and escape the postid parameter from the Subscribers list before using in a SQL statement, leading to an SQL injection https://example.com/wp-admin/edit.php?posttype=wpufsubscription&page=wpufsubscribers&postID=1+AND+%28SELECT+42+FROM+%28SELECT%28SLEEP%285%29%29%29b%2...
WordPress WP User Frontend Plugin Unlimited File Upload Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Unlimited file upload vulnerability exists in WordPress WP User Frontend plugin versions prior to 2.3.11. Allows an attacker ...
WordPress WP User Frontend插件3.4.6文件上传漏洞
No description provided by source...
WordPress WP User Frontend 3.4.6 File Upload
Exploit Title: WordPress WP User Frontend Plugin Unrestricted File Upload Discovery Date: 2016-02-04 Public Disclosure: 2016-02-08 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: https://wedevs.com Software Link:...
WordPress Plugin WP User Frontend 2.3.11 - Unrestricted Arbitrary File Upload
WordPress Plugin WP User Frontend 2.3.11 - Unrestricted Arbitrary File Upload ''' Exploit Title: WordPress WP User Frontend Plugin Unrestricted File Upload Discovery Date: 2016-02-04 Public Disclosure: 2016-02-08 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor...
WordPress WP User Frontend Plugin 2.3.10 - Unrestricted File Upload
Because of this vulnerability, anyone can upload files to the web server by performing certain "wpuffileupload" or "wpufinsertimage" actions. Solution Upgrade the plugin...
WP User Frontend <= 2.3.10 - Unrestricted File Upload
The WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress WordPress plugin was affected by an Unrestricted File Upload security vulnerability...