Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-38693

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.

Published

2024-08-29T14:15:08.680

Last Modified

2024-09-13T20:35:41.127

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wedevs	wp_user_frontend	< 4.0.8	Yes

References

https://patchstack.com/database/vulnerability/wp-user-frontend/wordpress-wp-user-frontend-plugin-4-0-7-sql-injection-vulnerability?_s_id=cve Third Party Advisory ([email protected])