cleantalk
Vulnerabilities and Security Researches

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss, CVE-2025-58673

CVE, Research URL

CVE-2025-58673

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Published on
Sep 23, 2025
Research Description
Improper Control of Generation of Code ('Code Injection') vulnerability in weDevs WP User Frontend wp-user-frontend allows Code Injection.This issue affects WP User Frontend: from n/a through <= 4.1.12.
Affected versions
max 4.1.13.
Status
vulnerable
Previous vulnerability researches
Media Library Assistant (CVE-2026-34885) , Apr 13, 2026
Media Library Assistant (CVE-2026-34897) , Apr 13, 2026
Media Library Assistant (CVE-2024-6823) , Aug 13, 2024
Media Library Assistant (CVE-2025-8357) , Aug 20, 2025
Media Library Assistant (CVE-2024-5544) , Jul 03, 2024
New vulnerability
Events Addon for Elementor (CVE-2025-8150) , Apr 24, 2026
WordPress Infinite Scroll &#8211; Ajax Load More (CVE-2025-59582) , Apr 24, 2026
WP Compress &#8211; Image Optimizer [All-In-One] (CVE-2025-57899) , Apr 24, 2026
Classified Listing – Classified ads &amp; Business Directory Plugin (CVE-2025-7711) , Apr 24, 2026
Popup Anything &#8211; Popup for opt-ins and Lead Generation Conversions (CVE-2026-6443) , Apr 24, 2026