{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3912", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "requesterUserId": "dc9e157c-ddf1-4983-adaf-9f01d16b5e04", "dateReserved": "2022-11-09T14:25:36.870Z", "datePublished": "2022-12-12T17:54:35.983Z", "dateUpdated": "2024-08-03T01:20:58.758Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2022-12-12T17:54:35.983Z"}, "title": "User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload", "problemTypes": [{"descriptions": [{"description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "User Registration", "collectionURL": "https://wordpress.org/plugins", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "2.2.4.1"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example."}], "references": [{"url": "https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "cydave", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.758Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "648ED960-D679-4888-B498-6C4860AEB3A2", "versionEndExcluding": "2.2.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example."}, {"lang": "es", "value": "El complemento User Registration de WordPress anterior a 2.2.4.1 no restringe adecuadamente los archivos que se cargar\u00e1n mediante una acci\u00f3n AJAX disponible para usuarios autenticados y no autenticados, lo que podr\u00eda permitir a los usuarios no autenticados cargar archivos PHP, por ejemplo."}], "id": "CVE-2022-3912", "lastModified": "2023-11-07T03:51:57.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-12T18:15:11.753", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}