Lucene search
K

6 matches found

NVD
NVD
added 2025/06/05 6:15 a.m.16 views

CVE-2025-3055

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteavatarajax function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.1CVSS0.00703EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/05 5:23 a.m.35 views

CVE-2025-3054 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...

8.8CVSS0.00797EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/05 5:23 a.m.11 views

CVE-2025-3054 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...

8.8CVSS8.9AI score0.00797EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/05 5:23 a.m.20 views

CVE-2025-3055 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteavatarajax function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.1CVSS0.00703EPSS
Exploits0References2
CVE
CVE
added 2025/06/05 5:23 a.m.77 views

CVE-2025-3054

The CVE-2025-3054 entry affects the WP User Frontend Pro plugin for WordPress, with versions up to 4.1.3. The vulnerability is an arbitrary file upload due to missing file type validation in upload_files(), impacting authenticated users at Subscriber level and above, under conditions where the Pr...

8.8CVSS8.9AI score0.00797EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/05 12:0 a.m.5 views

PT-2025-23895 · WordPress · Wp User Frontend Pro

Name of the Vulnerable Software and Affected Versions: WP User Frontend Pro plugin for WordPress versions up to, and including, 4.1.3 Description: The issue is related to insufficient file path validation in the delete avatar ajax function, allowing authenticated attackers with Subscriber-level...

8.1CVSS8.2AI score0.00703EPSS
Exploits0References7
Rows per page
Query Builder