The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-12-12T17:54:35.983Z
Updated: 2024-08-03T01:20:58.758Z
Reserved: 2022-11-09T14:25:36.870Z
Link: CVE-2022-3912
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-12T18:15:11.753
Modified: 2024-11-21T07:20:31.107
Link: CVE-2022-3912
Redhat
No data.