CVE-2021-25076-Exploit

Wordpress Plugin WP User Frontend < 3.5.26 - SQL-Injection (Authenticated)

CVE description:

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting

https://nvd.nist.gov/vuln/detail/CVE-2021-25076

ExploitDB:

https://www.exploit-db.com/exploits/50772

Exploit Description:

Vendor Homepage: https://wedevs.com/
Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip
Version: Up to 3.5.25
Tested on Ubuntu 20.04
🕊️ Twitter: @0xAbbarhSF

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-25076-Exploit

Wordpress Plugin WP User Frontend < 3.5.26 - SQL-Injection (Authenticated)

CVE description:

ExploitDB:

Exploit Description:

About

Releases

Packages

Languages

License

0xAbbarhSF/CVE-2021-25076

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-25076-Exploit

Wordpress Plugin WP User Frontend < 3.5.26 - SQL-Injection (Authenticated)

CVE description:

ExploitDB:

Exploit Description:

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages