Authorization Bypass in WordPress Plugin Affecting User Registration and Media Management
CVE-2026-12406

5.3MEDIUM

What is CVE-2026-12406?

The User Frontend plugin for WordPress allows for an authorization bypass, permitting unauthorized users to delete media attachments linked to guest uploads and registration forms. This vulnerability arises from inadequate verification of user permissions, specifically through the wpuf_file_del AJAX action. Attackers can exploit this weakness on any site using the WPUF shortcode on a front-end page, exposing the wpuf_nonce to public JavaScript objects, which leads to compromised media management capabilities.

Affected Version(s)

User Frontend: AI Powered Frontend Posting, User Directory, Profile Builder, Membership & User Registration 0 <= 4.3.7

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

mrvincere
.