CVE-2025-58672

Name: Websites susceptible to CVE-2025-58672
Creator: WebTechSurvey

CVE-2025-58672

WordPress WP User Frontend Plugin <= 4.1.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Tareq Hasan WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.1.11.

We have discovered 1,031 live websites that are affected by CVE-2025-58672.

Run a Free Instant Scan

Affected Software


Product	Wp User Frontend
Category	Wordpress Plugins
Vulnerable Domains	1,031 live websites (91% of Wp User Frontend install base)
Vulnerable Versions	from 0 through 4.1.11
Vulnerable Versions Count	42 versions ( 95% of all versions)

Common Weakness Enumeration

CWE-862 Missing Authorization

Available Reports

Website List

Details

Published - Sep 22, 2025
Updated - Sep 23, 2025

Credits

Kishan Vyas (Patchstack Alliance) (finder)

CVE References

CWE References

cwe.mitre.org

CWE

CWE-862

Website Distribution by Country

Number of websites using CVE-2025-58672

United States	286 websites

Germany	77 websites
France	72 websites
GB	55 websites
Japan	55 websites
Italy	46 websites
Brazil	33 websites
India	27 websites
Canada	25 websites
Cyprus	22 websites

Website Distribution by TLD

Number of websites using CVE-2025-58672

.com	414 websites
.org	64 websites
.it	39 websites
.net	33 websites
.de	33 websites
.fr	30 websites
.co.uk	27 websites
.com.br	26 websites
.nl	18 websites
.ru	16 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-58672

Top websites that are affected by CVE-2025-58672. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
***********.pl	Poland	*,*
*.*.uk	United States	*,*
********.com	Canada	*,*
****.org	Switzerland	*,*
*******.com	Cyprus	*,*
********.*.ua	Ukraine	*,*
************.com	Cyprus	*,*
******.org	United States	*,*
************.org	United States	*,*
*************.dk	Denmark	*,*