The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
History

Thu, 17 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wpeverest:user_registration:-:*:*:*:*:wordpress:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-07-13T02:04:14.751Z

Updated: 2024-10-17T13:41:15.434Z

Reserved: 2023-06-20T17:22:00.922Z

Link: CVE-2023-3343

cve-icon Vulnrichment

Updated: 2024-08-02T06:55:02.627Z

cve-icon NVD

Status : Modified

Published: 2023-07-13T03:15:10.143

Modified: 2024-11-21T08:17:03.687

Link: CVE-2023-3343

cve-icon Redhat

No data.