Wp User Frontend Security Vulnerabilities

CVE-2020-36666

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress...

CVSS: 8.8, AI Score: 8.5, EPSS: 0.001

2023-03-27 04:15 PM

CVE-2021-24649

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant ...

CVSS: 9.8, AI Score: 9.4, EPSS: 0.003

2022-11-21 11:15 AM

CVE-2021-25076

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting.

CVSS: 8.8, AI Score: 8.6, EPSS: 0.008

2022-01-24 08:15 AM

CVE-2024-38693

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection. This issue affects WP User Frontend: from n/a through 4.0.7.

CVSS: 7.6, AI Score: 7.9, EPSS: 0.001

2024-08-29 02:15 PM