Log out
Get PRO

Latest

Access violation vulnerability in WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin 3.6.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 3, 2023

The WordPress User Frontend plugin, which is used with WordPress websites, has a security vulnerability that could allow people with subscriber-level access to do things they shouldn’t be able to do. Up to version 3.6.8 of the plugin, people with subscriber-level access would be able to install plugins, delete user packages, list taxonomies, dismiss promotional offers, review notices, and preview forms without needing permission. This vulnerability has since been fixed.

Detected in:

Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend fixed vulnerable versions:
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin fixed vulnerable versions: >= * <= 3.6.8

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.