2026-01-02 01:48:19
Wordfence
PUBLISHED
The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Frontend_Form_Ajax::submit_post function in all versions up to, and including, 4.2.4. This makes it possible for unauthenticated attackers to delete attachment.