CVE-2021-25076

HIGH · EXPLOITED

WP User Frontend <3.5.26 - SQL Injection

Title source: llm

Exploitation Summary

CVE-2021-25076 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including Ron Jost, abbarhissarh, ar2o3.

AI-analyzed exploit summary

This exploit demonstrates an authenticated SQL injection vulnerability in WordPress Plugin WP User Frontend versions before 3.5.25. It authenticates to WordPress and then uses sqlmap to exploit the unsanitized 'status' parameter in the Subscribers dashboard.

Description

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting.

Exploits (5)

exploitdb · WORKING POC
by Ron Jost · python · webapps · php
https://www.exploit-db.com/exploits/50772

This exploit demonstrates an authenticated SQL injection vulnerability in WordPress Plugin WP User Frontend versions before 3.5.25. It authenticates to WordPress and then uses sqlmap to exploit the unsanitized 'status' parameter in the Subscribers dashboard.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress Plugin WP User Frontend < 3.5.25
Auth required: yes
Prerequisites: Valid WordPress credentials · Access to the WordPress admin interface
Analyzed by devstral-2, Feb 16, 2026

nomisec · WORKING POC · 3 stars
by abbarhissarh · poc
https://github.com/abbarhissarh/CVE-2021-25076

This repository contains a functional exploit for CVE-2021-25076, an SQL injection vulnerability in the WP User Frontend WordPress plugin. The exploit authenticates to WordPress and uses sqlmap to exploit the vulnerability via the 'status' parameter in the Subscribers dashboard.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WP User Frontend WordPress plugin < 3.5.26
Auth required: yes
Prerequisites: WordPress installation with vulnerable plugin · Valid WordPress credentials
Analyzed by devstral-2, Apr 10, 2026

nomisec · WORKING POC · 3 stars
by ar2o3 · poc
https://github.com/ar2o3/CVE-2021-25076

This repository contains a functional exploit for CVE-2021-25076, an SQL injection vulnerability in the WP User Frontend WordPress plugin before 3.5.26. The exploit authenticates to WordPress and uses sqlmap to exploit the vulnerability via the 'status' parameter in the Subscribers dashboard.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WP User Frontend WordPress plugin < 3.5.26
Auth required: yes
Prerequisites: Valid WordPress credentials · Access to the WordPress admin panel · sqlmap installed on the attacker's machine
Analyzed by devstral-2, Feb 18, 2026

vulncheck_xdb · WORKING POC
remote-auth
https://github.com/0xAbbarhSF/CVE-2021-25076

This repository contains a functional exploit for CVE-2021-25076, an SQL injection vulnerability in the WP User Frontend WordPress plugin. The exploit authenticates to WordPress and generates a payload for sqlmap to exploit the vulnerable 'status' parameter in the Subscribers dashboard.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WP User Frontend WordPress plugin < 3.5.26
Auth required: yes
Prerequisites: Valid WordPress credentials · sqlmap installed
Analyzed by devstral-2, Feb 25, 2026

inthewild · WORKING POC
poc
https://github.com/0xabbarhsf/cve-2021-25076

This repository contains a functional exploit for CVE-2021-25076, an SQL injection vulnerability in the WordPress Plugin WP User Frontend < 3.5.26. The exploit authenticates to WordPress and uses sqlmap to exploit the vulnerability via the 'status' parameter in the Subscribers dashboard.

Classification: Working PoC (95%)
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WP User Frontend WordPress Plugin < 3.5.26
Auth required: yes
Prerequisites: WordPress installation with vulnerable plugin · Valid WordPress credentials
Analyzed by devstral-2, Feb 23, 2026

References (3)

Core references
Exploit, Third Party Advisory (x_refsource_misc)
https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6
Patch, Third Party Advisory (x_refsource_confirm)
https://plugins.trac.wordpress.org/changeset/2648715

Scores

CVSS v3: 8.8
EPSS: 0.5233
EPSS percentile: 98.0%
Attack vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2021-12-21
CWE: CWE-89
Status: published
Products (1): wedevs/wp_user_frontend < 3.5.26
Published: Jan 24, 2022
Tracked since: Feb 18, 2026