Wp User Frontend
Monthly
Broken access control in WP User Frontend plugin for WordPress (versions <= 4.3.7) allows unauthenticated remote attackers to perform restricted actions without authorization. The flaw stems from missing authorization checks (CWE-862) on one or more plugin endpoints, enabling limited integrity and availability impact against affected WordPress installations. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis, though the unauthenticated, low-complexity nature of the vulnerability lowers the bar for casual abuse.
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1.
A missing authorization vulnerability exists in weDevs WP User Frontend plugin through version 4.2.8, allowing attackers to bypass access control checks and perform unauthorized actions. The vulnerability stems from incorrectly configured access control security levels (CWE-862: Missing Authorization), enabling attackers with varying privilege levels to access or modify restricted functionality. All installations of WP User Frontend up to and including version 4.2.8 are vulnerable, and immediate patching is strongly recommended.
Improper access control in WP User Frontend through version 4.2.5 allows authenticated users to modify content they should not have permission to access. An attacker with valid WordPress credentials could exploit misconfigured security levels to gain unauthorized write access to restricted resources without requiring additional user interaction.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.0.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Broken access control in WP User Frontend plugin for WordPress (versions <= 4.3.7) allows unauthenticated remote attackers to perform restricted actions without authorization. The flaw stems from missing authorization checks (CWE-862) on one or more plugin endpoints, enabling limited integrity and availability impact against affected WordPress installations. No public exploit code or active exploitation via CISA KEV has been identified at time of analysis, though the unauthenticated, low-complexity nature of the vulnerability lowers the bar for casual abuse.
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1.
A missing authorization vulnerability exists in weDevs WP User Frontend plugin through version 4.2.8, allowing attackers to bypass access control checks and perform unauthorized actions. The vulnerability stems from incorrectly configured access control security levels (CWE-862: Missing Authorization), enabling attackers with varying privilege levels to access or modify restricted functionality. All installations of WP User Frontend up to and including version 4.2.8 are vulnerable, and immediate patching is strongly recommended.
Improper access control in WP User Frontend through version 4.2.5 allows authenticated users to modify content they should not have permission to access. An attacker with valid WordPress credentials could exploit misconfigured security levels to gain unauthorized write access to restricted resources without requiring additional user interaction.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.0.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.