The WP User Frontend plugin has a security vulnerability. | WordPress.org

geworg
(@geworg)

2 months, 1 week ago

The WP User Frontend plugin for WordPress (Registration, User Profile, Membership, Content Restriction, User Directory, and Post Submission in Frontend) is vulnerable to arbitrary shortcode execution in all versions prior to 4.1.12. This is due to the software allowing users to execute an action that doesn’t properly validate the value before executing do_shortcode. This allows authenticated attackers with subscriber-level access or higher to execute arbitrary shortcodes. More details here: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-user-frontend/wp-user-frontend-4112-authenticated-subscriber-arbitrary-shortcode-execution

Fix this vulnerability!

The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

Al Rubyat
(@rubyat13)

2 months, 1 week ago

Hi @geworg ,

Thanks for bringing this to our attention.
We have taken this issue seriously, and our concerned team is already working on it. A fix will be released soon in an upcoming update. We truly appreciate your patience and for helping us improve the plugin’s security.

Thanks,

Al Rubyat
(@rubyat13)

2 months, 1 week ago

Hi @geworg,

Thanks again for your patience and for reporting this earlier.

The issue has been fixed in our latest release of WP User Frontend. 🎉
Please update your plugin to the latest version and check again — the vulnerability has been resolved.

We appreciate your help in keeping our plugin secure!

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Tags

plugin

3 replies
2 participants
Last reply from: Al Rubyat
Last activity: 2 months, 1 week ago
Status: not resolved