Wedevs Wp User Frontend vulnerabilities
11 known vulnerabilities affecting wedevs/wp_user_frontend.
Total CVEs: 11
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 6
Vulnerabilities
CVE-2021-25076 | P2 | HIGH | CVSS 8.8 | CWE-89 | Exploited | PoC | fixed in 3.5.26 | 2022-01-24
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting
nvd
CVE-2021-24649 | P3 | CRITICAL | CVSS 9.8 | CWE-287 | fixed in 3.5.29 | 2022-11-21
The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, o
nvd
CVE-2026-32485 | P3 | HIGH | CVSS 7.5 | CWE-862 | ≥ n/a, ≤ 4.2.8 | 2026-03-25
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8.
nvd
CVE-2023-47682 | P3 | HIGH | CVSS 7.2 | CWE-269 | ≥ n/a, ≤ 3.6.5 | 2024-05-17
Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation. This issue affects WP User Frontend: from n/a through 3.6.5.
nvd
CVE-2024-38693 | P3 | HIGH | CVSS 7.2 | CWE-89 | fixed in 4.0.8 | ≥ n/a, ≤ 4.0.7 | 2024-08-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection. This issue affects WP User Frontend: from n/a through 4.0.7.
nvd
CVE-2026-24364 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | ≤ 4.2.5 | 2026-03-25
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.5.
nvd
CVE-2026-57334 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | ≥ n/a, ≤ 4.3.7 | 2026-06-29
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
nvd
CVE-2026-42412 | P4 | MEDIUM | CVSS 6.5 | CWE-862 | ≥ n/a, ≤ 4.3.1 | 2026-04-29
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WP User Frontend: from n/a through 4.3.1.
nvd
CVE-2025-58673 | P4 | MEDIUM | CVSS 5.4 | CWE-94 | ≤ 4.1.12 | 2025-09-22
Improper Control of Generation of Code ('Code Injection') vulnerability in weDevs WP User Frontend wp-user-frontend allows Code Injection. This issue affects WP User Frontend: from n/a through <= 4.1.12.
nvd
CVE-2025-58672 | P4 | MEDIUM | CVSS 5.4 | CWE-862 | ≤ 4.1.12 | 2025-09-22
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.1.12.
nvd
CVE-2023-45002 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | ≥ n/a, ≤ 3.6.8 | 2025-01-02
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 3.6.8.
nvd