Wedevs Wp User Frontend — known CVE vulnerabilities
Every CVE whose affected-product data names Wedevs Wp User Frontend, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2021-24649 — CVSS 9.8 (critical): The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains…
CVE-2021-25076 — CVSS 8.8 (high): The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in…
CVE-2024-38693 — CVSS 7.6 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL…