cleantalk
Vulnerabilities and Security Researches

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss, CVE-2026-4058

CVE, Research URL

CVE-2026-4058

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Published on
Jun 09, 2026
Research Description
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel() function in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel any user's subscription pack, including administrators.
Affected versions
max 4.3.3.
Status
vulnerable
Previous vulnerability researches
Royal Elementor Addons and Templates (CVE-2025-11363) , Jan 27, 2026
Royal Elementor Addons and Templates (CVE-2026-2373) , Apr 13, 2026
Royal Elementor Addons and Templates (CVE-2026-0664) , Apr 13, 2026
Royal Elementor Addons and Templates (70e3861f811c847c408946a4394074851b3e632a) , Jun 07, 2024
Royal Elementor Addons and Templates (CVE-2026-6504) , May 15, 2026
New vulnerability
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress (CVE-2026-48874) , Jun 10, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2026-48876) , Jun 10, 2026
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2026-4058) , Jun 10, 2026
Accordion (CVE-2026-10862) , Jun 10, 2026
Free Live Chat, WordPress Website Chat Plugin, Helpdesk Customer Support WP Live Chat App: Chatway (CVE-2026-49082) , Jun 09, 2026