Missing Authorization Vulnerability in weDevs WP User Frontend Plugin
CVE-2026-42412

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WP User Frontend
Vendor: CVE Published:; 29 April 2026

What is CVE-2026-42412?

A missing authorization vulnerability in the weDevs WP User Frontend plugin can allow attackers to exploit incorrectly configured access control security levels. This can lead to unauthorized access to sensitive user data or actions, compromising the integrity of the website. It affects versions from n/a through 4.3.1 and emphasizes the importance of proper access control configurations to safeguard WordPress sites.

Affected Version(s)

WP User Frontend <= 4.3.1

References

https://patchstack.com/database/wordpress/plugin/wp-user-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2026
Vulnerability Reserved
Apr 27, 2026

Credit

Sajjad Haqi | Patchstack Bug Bounty Program

CVE-2026-42412 Data

JSON