User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection
Summary
| CVE | CVE-2026-5127 |
|---|---|
| State | PUBLISHED |
| Assigner | Wordfence |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-08 09:16:08 UTC |
| Updated | 2026-05-08 09:16:08 UTC |
| Description | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1 This is due to insufficient input validation and type checking on the wpuf_files parameter during form submission, combined with unconditional deserialization via maybe_unserialize() when displaying post content. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary PHP objects, which can be leveraged to execute arbitrary code, delete arbitrary files, or perform other malicious actions if a POP chain is present on the target system. |
Risk And Classification
Primary CVSS: v3.1 8.8 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-502 | CWE-502 CWE-502 Deserialization of Untrusted Data
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | DECLARED | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Wedevs | User Frontend AI Powered Frontend Posting User Directory Profile Membership User Registration | affected 4.3.1 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.wordfence.com/threat-intel/vulnerabilities/id/2b5d27cc-c6eb-4c5c-8ee1-30483... | [email protected] | www.wordfence.com | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.10/includes/Ajax/Frontend_F... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/trunk/wpuf-functions.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/trunk/wpuf-functions.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.10/includes/Traits/Fieldabl... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/trunk/includes/Traits/FieldableTrait... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/trunk/includes/Ajax/Frontend_Form_Aj... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.10/includes/Traits/Fieldabl... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.10/wpuf-functions.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/trunk/includes/Ajax/Frontend_Form_Aj... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/trunk/includes/Traits/FieldableTrait... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/changeset/3514258/wp-user-frontend/trunk/includes/Traits/Fiel... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.10/includes/Ajax/Frontend_F... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.10/wpuf-functions.php | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.10/includes/Traits/Fieldabl... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/trunk/includes/Traits/FieldableTrait... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/tags/4.2.10/includes/Traits/Fieldabl... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/browser/wp-user-frontend/trunk/includes/Traits/FieldableTrait... | [email protected] | plugins.trac.wordpress.org | |
| plugins.trac.wordpress.org/changeset | [email protected] | plugins.trac.wordpress.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Doan Dinh Van (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-03-30T09:21:38.000Z | Vendor Notified |
| CNA | 2026-05-07T19:58:37.000Z | Disclosed |
There are currently no legacy QID mappings associated with this CVE.