What the vulnerability does
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in weDevs WP User Frontend wp-user-frontend allows Code Injection. This issue affects WP User Frontend: from n/a through <= 4.1.12.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Explanation of Vulnerability in Simple Terms
WP User Frontend versions up to 4.1.12 contain a code injection vulnerability that allows authenticated users with low privileges to inject and execute arbitrary code. An attacker can read sensitive data or modify site content. Update to a version newer than 4.1.12 to resolve this issue.
What an attacker can do
Inject and execute arbitrary code to read sensitive data or modify site content.
Potential impact on your site
Authenticated attackers can compromise site data integrity and confidentiality without admin access.
Conditions required to exploit
Attacker must have a low-privilege user account on the site (e.g., subscriber or contributor role).