2 matches found
CVE-2026-5459
The CVE-2026-5459 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration” up to version 4.3.1. The vulnerability is an Insecure Direct Object Reference in the payment_page() function caused by missing validation on ...
CVE-2026-5459 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Subscription Overwrite
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.1 via the paymentpage function due to missing validation on the 'userid' user...