Lucene search
Krzysztof ZającWPVDB-ID:6D3EEBA6-5560-4380-A6E9-F008A9112AC6HistoryDec 27, 2021 - 12:00 a.m.
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
2021-12-2700:00:00
Krzysztof Zając
wpscan.com
9
0.005 Low
EPSS
Percentile
77.2%
The plugin does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
PoC
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-user-frontend | lt | 3.5.26 |
Related
nvd
nvd
CVE-2021-25076
2022-01-24 08:15:09
zdt
zdt
prion
prion
Cross site scripting
2022-01-24 08:15:00
cve
cve
CVE-2021-25076
2022-01-24 08:15:09
patchstack
patchstack
cvelist
cvelist
packetstorm
packetstorm
WordPress WP User Frontend 3.5.25 SQL Injection
2022-02-21 00:00:00
wpexploit
wpexploit
WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
2021-12-27 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Wedevs Wp User Frontend
2022-06-04 21:22:10
cnvd
cnvd
WordPress WP User Frontend plugin SQL injection vulnerability
2022-01-26 00:00:00
exploitdb
exploitdb
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
2022-02-21 00:00:00