Lucene search
K

140 matches found

CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

WordPress plugin User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.7 views

PT-2026-25537

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draft post function in all versions up to, and including, 4.2.8. This makes it...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/10 11:3 a.m.6 views

WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin WP User Frontend versions = 4.2.5...

6.5CVSS5.8AI score0.00311EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/27 7:9 a.m.7 views

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Williwollo CybrX in WordPress Plugin WP User Frontend versions = 4.2.8...

8.8CVSS5.3AI score0.00545EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/26 9:31 p.m.6 views

EUVD-2026-8875

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPUFAdminSettings::checkfiletypeandext' function and in the...

8.8CVSS6.4AI score0.00545EPSS
Exploits0References7
CVE
CVE
added 2026/02/26 7:23 p.m.13 views

CVE-2026-1565

The CVE-2026-1565 entry describes a vulnerability in the WordPress plugin WP User Frontend (AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration) up to version 4.2.8. Root cause: incorrect file-type validation in WPUF_Admin_Settings::check_filetype_and_ext and Admi...

8.8CVSS6.4AI score0.00545EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.7 views

WordPress plugin User Frontend 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6.2AI score0.00545EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.6 views

PT-2026-22174

Name of the Vulnerable Software and Affected Versions User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration versions prior to 4.2.9 Description The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration...

8.8CVSS6.3AI score0.00545EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.15 views

CVE-2023-45002

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8...

4.3CVSS8AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/03 2:22 a.m.10 views

CVE-2025-14047

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...

5.3CVSS5.3AI score0.00245EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/02 7:13 a.m.6 views

WordPress WP User Frontend plugin <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by shark3y in WordPress Plugin WP User Frontend versions = 4.2.4...

5.3CVSS6.7AI score0.00245EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/02 3:15 a.m.7 views

CVE-2025-14047

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...

5.3CVSS0.00245EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/01/02 1:48 a.m.2 views

CVE-2025-14047 WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...

5.3CVSS5AI score0.00245EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/02 1:48 a.m.28 views

CVE-2025-14047 WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...

5.3CVSS0.00245EPSS
Exploits0References7
CVE
CVE
added 2026/01/02 1:48 a.m.23 views

CVE-2025-14047

CVE-2025-14047 affects the WP User Frontend plugin for WordPress. A missing capability check in Frontend_Form_Ajax::submit_post in all versions up to 4.2.4 enables unauthenticated attackers to delete attachments, per the provided description. CVSS 3.1/3.1: 5.3 base score; impact indicates Low int...

5.3CVSS5AI score0.00245EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.6 views

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.3AI score0.00245EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.4 views

PT-2026-1040

Name of the Vulnerable Software and Affected Versions WP User Frontend plugin for WordPress versions up to and including 4.2.4 Description The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress has an...

5.3CVSS6.2AI score0.00245EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-37544

Malicious code in bioql PyPI...

7.6CVSS6.5AI score0.00438EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-30545

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-51780

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.00635EPSS
Exploits0References1
Rows per page
Query Builder