CVE-2026-12418
CVE-2026-12418 describes a vulnerability in the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration” (versions up to 4.3.7). An insecure direct object reference exists via the wpuf_files_data parameter due to missing validation on ...