Skip to main content

Wp User Frontend

5 CVEs product

Monthly

CVE-2026-57334 MEDIUM This Month

Broken access control in WP User Frontend plugin for WordPress (versions <= 4.3.7) allows unauthenticated remote attackers to perform restricted actions without authorization. The flaw stems from missing authorization checks (CWE-862) on one or more plugin endpoints, enabling limited integrity and availability impact against affected WordPress installations. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis, though the unauthenticated, low-complexity nature of the vulnerability lowers the bar for casual abuse.

Authentication Bypass Wp User Frontend
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-42412 MEDIUM This Month

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1.

Authentication Bypass Wp User Frontend
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32485 HIGH This Week

A missing authorization vulnerability exists in weDevs WP User Frontend plugin through version 4.2.8, allowing attackers to bypass access control checks and perform unauthorized actions. The vulnerability stems from incorrectly configured access control security levels (CWE-862: Missing Authorization), enabling attackers with varying privilege levels to access or modify restricted functionality. All installations of WP User Frontend up to and including version 4.2.8 are vulnerable, and immediate patching is strongly recommended.

Authentication Bypass Wp User Frontend
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24364 MEDIUM This Month

Improper access control in WP User Frontend through version 4.2.5 allows authenticated users to modify content they should not have permission to access. An attacker with valid WordPress credentials could exploit misconfigured security levels to gain unauthorized write access to restricted resources without requiring additional user interaction.

Authentication Bypass Wp User Frontend
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-38693 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.0.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp User Frontend
NVD
CVSS 3.1
7.2
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in WP User Frontend plugin for WordPress (versions <= 4.3.7) allows unauthenticated remote attackers to perform restricted actions without authorization. The flaw stems from missing authorization checks (CWE-862) on one or more plugin endpoints, enabling limited integrity and availability impact against affected WordPress installations. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis, though the unauthenticated, low-complexity nature of the vulnerability lowers the bar for casual abuse.

Authentication Bypass Wp User Frontend
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1.

Authentication Bypass Wp User Frontend
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

A missing authorization vulnerability exists in weDevs WP User Frontend plugin through version 4.2.8, allowing attackers to bypass access control checks and perform unauthorized actions. The vulnerability stems from incorrectly configured access control security levels (CWE-862: Missing Authorization), enabling attackers with varying privilege levels to access or modify restricted functionality. All installations of WP User Frontend up to and including version 4.2.8 are vulnerable, and immediate patching is strongly recommended.

Authentication Bypass Wp User Frontend
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper access control in WP User Frontend through version 4.2.5 allows authenticated users to modify content they should not have permission to access. An attacker with valid WordPress credentials could exploit misconfigured security levels to gain unauthorized write access to restricted resources without requiring additional user interaction.

Authentication Bypass Wp User Frontend
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.0.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp User Frontend
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy