CVE-2026-1565 | User Frontend Plugin up to 4.2.8 on WordPress Setting check_filetype_and_ext unrestricted upload

Inserito da Angelo Barbosa | Feb 26, 2026 | CVE

A vulnerability was found in User Frontend Plugin up to 4.2.8 on WordPress. It has been rated as critical. Affected by this vulnerability is the function WPUF_Admin_Settings::check_filetype_and_ext of the component Setting Handler. The manipulation leads to unrestricted upload.

This vulnerability is listed as CVE-2026-1565. The attack may be initiated remotely. There is no available exploit.

CVE-2026-1565 | User Frontend Plugin up to 4.2.8 on WordPress Setting check_filetype_and_ext unrestricted upload

Post correlati

CVE-2024-34767 | HasThemes ShopLentor Plugin up to 2.8.7 on WordPress cross site scripting

CVE-2023-21634 | Qualcomm 835 Mobile PC Platform Radio Interface Layer memory corruption

CVE-2024-54983 | Quectel BC95-CNV V100R001C00SPC051 NAS Message improper authentication

CVE-2024-10155 | PHPGurukul Boat Booking System 1.0 Book a Boat Page book-boat.php?bid=1 phone_number cross site scripting