Tag

Cve-2026-5127

1 brief RSS

WordPress User Frontend Plugin Deserialization Vulnerability (CVE-2026-5127)

The User Frontend WordPress plugin is vulnerable to authenticated deserialization, allowing subscriber-level attackers to inject PHP objects for potential arbitrary code execution.

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.1 deserialization wordpress plugin cve-2026-5127

2r 1t 1c 15h ago