Authenticated (Subscriber+) Arbitrary Shortcode Execution Vulnerability | WordPress.org

Resolved Manish Dutt
(@manishdutt165)

2 months, 2 weeks ago

Description:

WP User Frontend ≤ 4.1.12 – Authenticated (Subscriber+) Arbitrary Shortcode Exec

Wordfence has flagged a security vulnerability in my WordPress site. Please review and resolve this issue as soon as possible.

Plugin Name: WP User Frontend
Installed Version: 4.1.12

Vulnerability Info: Wordfence Advisory

Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

denis24
(@denis24)

2 months, 1 week ago

This vulnerability was published on Sept. 22 — two weeks ago. When will you release an update that fixes it?

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-user-frontend/wp-user-frontend-4112-authenticated-subscriber-arbitrary-shortcode-execution

Plugin Support Md. Tanvir Chowdhury
(@tanvir101)

2 months ago

Hi @manishdutt165 @denis24
We have resolved the reported vulnerability in our latest release, WP User Frontend v4.1.13. You can confirm the fix through the reference links on Wordfence or Patchstack, where the updated and secured version has already been listed.
If you have any questions or <span style=”box-sizing: border-box; margin: 0px; padding: 0px;”>require further clarification, please do not hesitate to contact us</span>.
We appreciate your cooperation and understanding in this regard. Wishing you both a great day ahead.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Tags

security vulnerability

4 replies
3 participants
Last reply from: Md. Tanvir Chowdhury
Last activity: 2 months ago
Status: resolved