5 matches found
CVE-2025-3054
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-3054
creationtimestamp| type| source ---|---|--- 2025-06-05 06:01:27+00:00| published-proof-of-concept| Telegram/uHWvAuvUwozE9xqR-TnjEBub-qWhHMqFHErXUgC3HaO00ME 2025-06-05 06:49:03+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqtq34qno7v2...
CVE-2025-3054 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-3054 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-3054
The CVE-2025-3054 entry affects the WP User Frontend Pro plugin for WordPress, with versions up to 4.1.3. The vulnerability is an arbitrary file upload due to missing file type validation in upload_files(), impacting authenticated users at Subscriber level and above, under conditions where the Pr...