User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration

Vulnerabilities 23Slug wp-user-frontendLatest version 4.3.2WordPress.org →

Minimum safe version

4.3.2

Update to 4.3.2 or later to address 23 fixable vulnerabilities

Latest available4.3.2 ✓

High 8.8

2026-05-08< 4.3.2

CVE-2026-5127

Medium 6.5

2026-04-29< 4.3.2

CVE-2026-42412

Medium 5.4

2025-09-22< 4.1.13

WP User Frontend <= 4.1.12 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Wordfence EUVD CVE

N/A

2026-02-26< 4.2.9

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload

N/A

2026-03-14< 4.2.9

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter

High 7.5

2026-03-25< 4.2.9

CVE-2026-32485

Medium 6.5

2026-03-25< 4.2.6

CVE-2026-24364

Medium 5.3

2026-01-02< 4.2.5

CVE-2025-14047

Medium 5.4

2025-09-22< 4.1.13

WordPress WP User Frontend Plugin <= 4.1.12 is vulnerable to Broken Access Control

Patchstack Wordfence EUVD CVE

High 7.2

2024-08-29< 4.0.8

CVE-2024-38693

CVE Patchstack Wordfence

N/A

2024-07-03< 4.0.8

WordPress WP User Frontend Plugin <= 4.0.7 is vulnerable to Backdoor

N/A

2024-06-25< 4.0.8

Various Plugins <= Various Version - Use of Polyfill.io

High 7.2

2024-05-17< 3.6.6

CVE-2023-47682

CVE Patchstack Wordfence WPScan

Medium 4.3

2025-01-02< 3.6.9

CVE-2023-45002

CVE Patchstack Wordfence WPScan

N/A

< 2.3.11

WP User Frontend <= 2.3.10 - Unrestricted File Upload

N/A

< 3.5.25

WP User Frontend < 3.5.25 - Admin+ SQL Injection

N/A

2023-03-21< 3.6.1

WordPress WP User Frontend Plugin <= 3.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

N/A

2016-02-08< 2.3.11

WP User Frontend < 2.3.11 - Arbitrary File Upload

N/A

2021-11-18< 3.5.25

WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress < 3.5.25 - Authenticated (Admin+) SQL Injection

Critical 9.8

2022-11-21< 3.5.29

CVE-2021-24649

CVE Patchstack Wordfence WPScan

N/A

2016-02-08< 2.3.11

WordPress WP User Frontend Plugin 2.3.10 - Unrestricted File Upload

N/A

2021-11-18< 3.5.25

WordPress WP User Frontend plugin <= 3.5.23 - SQL Injection (SQLi) vulnerability

High 8.8

2022-01-24< 3.5.26

CVE-2021-25076

CVE Patchstack Wordfence WPScan