cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwp-user-frontend wp-user-frontend

Direction: ascending
Jun 07, 2024

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss # CVE-2021-24649

CVE, Research URL

CVE-2021-24649

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Date
Nov 21, 2022
Research Description
The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin
Affected versions
max 3.6.9.
Status
vulnerable

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss # CVE-2021-25076

CVE, Research URL

CVE-2021-25076

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Date
Jan 24, 2022
Research Description
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
Affected versions
max 3.5.25.
Status
vulnerable

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss # CVE-2023-47682

CVE, Research URL

CVE-2023-47682

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Date
May 17, 2024
Research Description
Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5.
Affected versions
max 4.0.8.
Status
vulnerable
Jun 10, 2024

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss # CVE-2023-45002

CVE, Research URL

CVE-2023-45002

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Date
Jan 02, 2025
Research Description
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.
Affected versions
max 3.6.9.
Status
vulnerable
Aug 04, 2024

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss # CVE-2024-38693

CVE, Research URL

CVE-2024-38693

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Date
Aug 29, 2024
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.
Affected versions
max 4.0.8.
Status
vulnerable
Oct 12, 2025

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss # CVE-2025-58672

CVE, Research URL

CVE-2025-58672

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Date
Sep 23, 2025
Research Description
Missing Authorization vulnerability in Tareq Hasan WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.1.11.
Affected versions
max 4.1.12.
Status
vulnerable
Jan 11, 2026

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss # CVE-2025-14047

CVE, Research URL

CVE-2025-14047

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Date
Jan 02, 2026
Research Description
The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. This makes it possible for unauthenticated attackers to delete attachment.
Affected versions
max 4.2.5.
Status
vulnerable
Mar 30, 2026

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss # CVE-2026-32485

CVE, Research URL

CVE-2026-32485

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Date
Mar 25, 2026
Research Description
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.8.
Affected versions
max 4.2.8.
Status
vulnerable

WP User Frontend &#8211; Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss # CVE-2026-24364

CVE, Research URL

CVE-2026-24364

Home page URL

Security reports for WP User Frontend &#8211; Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend &#8211; Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Date
Mar 25, 2026
Research Description
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5.
Affected versions
max 4.2.5.
Status
vulnerable