CVE-2026-5127 | wedevs User Frontend Plugin up to 4.3.1 on WordPress maybe_unserialize wpuf_files deserialization (EUVD-2026-28538)

A vulnerability categorized as critical has been discovered in wedevs User Frontend Plugin up to 4.3.1 on WordPress. Impacted is the function maybe_unserialize. Such manipulation of the argument wpuf_files leads to deserialization.

This vulnerability is listed as CVE-2026-5127. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More