The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74 - Exploit, Third Party Advisory |
14 Dec 2022, 21:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-12 18:15
Updated : 2024-11-21 07:20
NVD link : CVE-2022-3912
Mitre link : CVE-2022-3912
CVE.ORG link : CVE-2022-3912
JSON object : View
Products Affected
wpeverest
- user_registration
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type