Unauthenticated Access Control Flaw in WP User Frontend by WordPress
CVE-2026-57334

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WP User Frontend
Vendor: CVE Published:; 29 June 2026

What is CVE-2026-57334?

An unauthenticated access control vulnerability exists in the WP User Frontend plugin, allowing unauthorized users to gain access and manipulate features they shouldn't be able to. This issue affects users operating versions 4.3.7 and below, potentially exposing sensitive functionality and data to unauthorized individuals. Proper mitigation strategies should be adopted to secure user access and safeguard against exploitation.

Affected Version(s)

WP User Frontend <= 4.3.7

References

https://patchstack.com/database/wordpress/plugin/wp-user-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jun 24, 2026

Credit

Tiago Ventura (@perses) | Patchstack Bug Bounty Program

CVE-2026-57334 Data

JSON