CVE-2022-3912

Published: Dec 12, 2022Modified: Apr 22, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

Affected (1)

Products: Wpeverest: User Registration

1 product

User Registration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpeverest User Registration	Before 2.2.4.1

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.