Log out
Get PRO

Latest

Input validation vulnerability in WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin 3.5.25

  • Severity: high-risk
  • Status: Fixed
  • Publication: November 18, 2021

The WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress is vulnerable to a form of attack known as SQL Injection. This type of attack can allow someone with admin-level privileges to access sensitive information stored in the plugin’s database, such as passwords or credit card numbers. Versions of the plugin before 3.5.25 are affected due to a lack of protection on user-supplied parameters and inadequate preparation of existing SQL queries.

Detected in:

Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend fixed vulnerable versions:
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin fixed vulnerable versions: >= * < 3.5.25

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.