cleantalk
Vulnerabilities and Security Researches

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss, CVE-2025-58672

CVE, Research URL

CVE-2025-58672

Home page URL

Security reports for WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Application

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss

Published on
Sep 23, 2025
Research Description
Missing Authorization vulnerability in Tareq Hasan WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.1.11.
Affected versions
max 4.1.12.
Status
vulnerable
Previous vulnerability researches
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2023-45002) , Jun 10, 2024
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2021-24649) , Jun 07, 2024
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2021-25076) , Jun 07, 2024
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2023-47682) , Jun 07, 2024
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2025-58672) , Oct 12, 2025
New vulnerability
Product Feed PRO for WooCommerce (CVE-2026-32443) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-24373) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32385) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32498) , Mar 30, 2026
Gallery Block (Meow Gallery) (CVE-2026-32418) , Mar 30, 2026