Wp User Frontend Security Vulnerabilities and Issues — Wp User Frontend CVE List

Lucene search

WedevsWp User Frontend

5 matches found

CVE•added 2024/05/17 9:15 a.m.•76 views

CVE-2023-47682

Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5.

7.2CVSS6.8AI score0.00233EPSS

CVE•added 2022/01/24 8:15 a.m.•69 views

CVE-2021-25076

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting

8.8CVSS8.7AI score0.47648EPSS

CVE•added 2025/01/02 12:15 p.m.•60 views

CVE-2023-45002

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.

4.3CVSS4.7AI score0.00081EPSS

CVE•added 2022/11/21 11:15 a.m.•51 views

CVE-2021-24649

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant ...

9.8CVSS9.5AI score0.00217EPSS

CVE•added 2024/08/29 2:15 p.m.•51 views

CVE-2024-38693

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.

7.6CVSS7.7AI score0.00398EPSS