A vulnerability was found in wedevs User Frontend Plugin up to 4.3.7. It has been declared as critical. This vulnerability affects the function
wpuf_submit_post of the component Post Submission Handler. Such manipulation of the argument wpuf_files_data leads to improper control of resource identifiers.
This vulnerability is listed as CVE-2026-12418. The attack may be performed from remote. There is no available exploit.