CVE-2022-3912 - Vulnerability Details - OpenCVE

Description

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

Published: 2022-12-12

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Unknown

User Registration

unaffected

Version	Status	Constraints
`0`	affected	< 2.2.4.1

Configuration 1 [-]

cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-43248	The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0048.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74

History

Tue, 22 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Wpeverest User Registration

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-12-12T17:54:35.983Z

Updated: 2025-04-22T15:33:37.802Z

Reserved: 2022-11-09T14:25:36.870Z

Link: CVE-2022-3912

Vulnrichment

Updated: 2024-08-03T01:20:58.758Z

NVD

Status : Modified

Published: 2022-12-12T18:15:11.753

Modified: 2025-04-22T16:15:35.560

Link: CVE-2022-3912

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-434

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3912", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "requesterUserId": "dc9e157c-ddf1-4983-adaf-9f01d16b5e04", "dateReserved": "2022-11-09T14:25:36.870Z", "datePublished": "2022-12-12T17:54:35.983Z", "dateUpdated": "2025-04-22T15:33:37.802Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2022-12-12T17:54:35.983Z"}, "title": "User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload", "problemTypes": [{"descriptions": [{"description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "User Registration", "collectionURL": "https://wordpress.org/plugins", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "2.2.4.1"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example."}], "references": [{"url": "https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "cydave", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.758Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:33:08.787287Z", "id": "CVE-2022-3912", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:33:37.802Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.758Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-3912", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-22T15:33:08.787287Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:33:32.416Z"}}], "cna": {"title": "User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "cydave"}], "affected": [{"vendor": "Unknown", "product": "User Registration", "versions": [{"status": "affected", "version": "0", "lessThan": "2.2.4.1", "versionType": "custom"}], "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2022-12-12T17:54:35.983Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3912", "state": "PUBLISHED", "dateUpdated": "2025-04-22T15:33:37.802Z", "dateReserved": "2022-11-09T14:25:36.870Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2022-12-12T17:54:35.983Z", "requesterUserId": "dc9e157c-ddf1-4983-adaf-9f01d16b5e04", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "648ED960-D679-4888-B498-6C4860AEB3A2", "versionEndExcluding": "2.2.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example."}, {"lang": "es", "value": "El complemento User Registration de WordPress anterior a 2.2.4.1 no restringe adecuadamente los archivos que se cargar\u00e1n mediante una acci\u00f3n AJAX disponible para usuarios autenticados y no autenticados, lo que podr\u00eda permitir a los usuarios no autenticados cargar archivos PHP, por ejemplo."}], "id": "CVE-2022-3912", "lastModified": "2025-04-22T16:15:35.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-12T18:15:11.753", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}