Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
WordPress Plugin 'WP User Frontend' Stores Unencrypted User Data
MINI-cvfq-c3rc-7m5p
Summary
If an attacker gains access to a WordPress site using the 'WP User Frontend' plugin, they can view sensitive user information such as passwords. This is because the plugin stores user data in an unencrypted format. To protect your site, update the plugin to the latest version or consider using an alternative solution that encrypts user data.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| MinimOS | – | gradle-7 | All versions |
Original title
MINI-cvfq-c3rc-7m5p
Published: 19 Apr 2026 · Updated: 19 Apr 2026 · First seen: 19 Apr 2026