CVE-2025-3054

HIGH EXPLOITED

WP User Frontend Pro <4.1.3 - Code Injection

Title source: llm

Exploitation Summary

CVE-2025-3054 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including frogchung.

AI-analyzed exploit summary The repository provides a writeup for CVE-2025-3054, detailing an arbitrary file upload vulnerability in the WP User Frontend Pro plugin for WordPress. The vulnerability allows authenticated attackers with Subscriber-level access to upload arbitrary files, potentially leading to remote code execution.

Description

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use.

Exploits (1)

nomisec WRITEUP 1 stars

by frogchung · poc

https://github.com/frogchung/CVE-2025-3054-Exploit

View Code ZIP pw:eip

The repository provides a writeup for CVE-2025-3054, detailing an arbitrary file upload vulnerability in the WP User Frontend Pro plugin for WordPress. The vulnerability allows authenticated attackers with Subscriber-level access to upload arbitrary files, potentially leading to remote code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: WP User Frontend Pro plugin for WordPress (up to and including version 4.1.3)

Auth required

Prerequisites: Authenticated access with Subscriber-level privileges or higher · Private Message module enabled · Business version of the PRO software in use

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://headwayapp.co/wp-user-frontend-changelog

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/989f0e0b-8a57-4435-95b0-21fec215112d?source=cve

Scores

CVSS v3 8.8

EPSS 0.0147

EPSS Percentile 81.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-06-04

CWE

CWE-434

Status published

Products (1)

wedevs/WP User Frontend Pro < 4.1.3

Published Jun 05, 2025

Tracked Since Feb 18, 2026