CVE-2026-2233

Name of the Vulnerable Software and Affected Versions User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration versions prior to 4.2.9

Description The User Frontend plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the draft post() function allows unauthenticated attackers to modify arbitrary posts. This can include actions like unpublishing published posts and overwriting content. The modification is achieved through manipulation of the post id parameter.

Recommendations Update User Frontend to version 4.2.9 or later.