Title: Authenticated (Subscriber+) Arbitrary Shortcode Execution Vulnerability
Last modified: September 30, 2025

---

# Authenticated (Subscriber+) Arbitrary Shortcode Execution Vulnerability

 *  Resolved [Manish Dutt](https://wordpress.org/support/users/manishdutt165/)
 * (@manishdutt165)
 * [8 months, 1 week ago](https://wordpress.org/support/topic/authenticated-subscriber-arbitrary-shortcode-execution-vulnerability/)
 * **Description:**
 * **WP User Frontend ≤ 4.1.12 – Authenticated (Subscriber+) Arbitrary Shortcode
   Exec**
 * Wordfence has flagged a security vulnerability in my WordPress site. Please review
   and resolve this issue as soon as possible.
 * **Plugin Name:** WP User Frontend
   **Installed Version:** 4.1.12
 * **Vulnerability Info:** [Wordfence Advisory](https://www.wordfence.com/threat-intel/vulnerabilities/id/991327f0-8bb9-4fdf-9c2a-b266ead962a3?source=plugin)
 * Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [denis24](https://wordpress.org/support/users/denis24/)
 * (@denis24)
 * [8 months ago](https://wordpress.org/support/topic/authenticated-subscriber-arbitrary-shortcode-execution-vulnerability/#post-18669898)
 * This vulnerability was published on Sept. 22 — two weeks ago. When will you release
   an update that fixes it?
   [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-user-frontend/wp-user-frontend-4112-authenticated-subscriber-arbitrary-shortcode-execution](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-user-frontend/wp-user-frontend-4112-authenticated-subscriber-arbitrary-shortcode-execution)
 *  [Md. Tanvir Chowdhury](https://wordpress.org/support/users/tanvir101/)
 * (@tanvir101)
 * [7 months, 3 weeks ago](https://wordpress.org/support/topic/authenticated-subscriber-arbitrary-shortcode-execution-vulnerability/#post-18681534)
 * Hi [@manishdutt165](https://wordpress.org/support/users/manishdutt165/) [@denis24](https://wordpress.org/support/users/denis24/)
   
   We have resolved the reported vulnerability in our latest release, WP User Frontend**
   v4.1.13**. You can confirm the fix through the reference links on Wordfence or
   Patchstack, where the updated and secured version has already been listed.If 
   you have any questions or <span style=”box-sizing: border-box; margin: 0px; padding:
   0px;”>require further clarification, please do not hesitate to [contact us](https://wedevs.com/contact/)
   </span>.We appreciate your cooperation and understanding in this regard. Wishing
   you both a great day ahead.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Authenticated (Subscriber+) Arbitrary Shortcode Execution Vulnerability’
is closed to new replies.

 * ![](https://ps.w.org/wp-user-frontend/assets/icon-256x256.gif?rev=2818776)
 * [User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration](https://wordpress.org/plugins/wp-user-frontend/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-user-frontend/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-user-frontend/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-user-frontend/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-user-frontend/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-user-frontend/reviews/)

 * 4 replies
 * 3 participants
 * Last reply from: [Md. Tanvir Chowdhury](https://wordpress.org/support/users/tanvir101/)
 * Last activity: [7 months, 3 weeks ago](https://wordpress.org/support/topic/authenticated-subscriber-arbitrary-shortcode-execution-vulnerability/#post-18681534)
 * Status: resolved