CVE-2024-38693 HIGH

CVE-2024-38693: WordPress WP User Frontend plugin <= 4.0.7 - SQL Injection vulnerability

Vendor Wedevs

Product WP User Frontend

Weakness CWE-89 · SQLi

Published August 29, 2024

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.

Key dates

02Disclosure timeline

August 29, 2024 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-38693

Related vulnerabilities

04Related CVE

CVE-2024-0357 coderd-repos Eva HTTP POST Request page sql injection CVE-2023-2370 SourceCodester Online DJ Management System GET Parameter manage_event.php sql injection CVE-2019-15972 Cisco Unified Communications Manager SQL Injection Vulnerability CVE-2026-28438 CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements CVE-2025-2738 PHPGurukul Old Age Home Management System manage-scdetails.php sql injection