The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-12-12T17:54:35.983Z

Updated: 2024-08-03T01:20:58.758Z

Reserved: 2022-11-09T14:25:36.870Z

Link: CVE-2022-3912

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-12T18:15:11.753

Modified: 2024-11-21T07:20:31.107

Link: CVE-2022-3912

cve-icon Redhat

No data.