Lucene search
WPScanCVE-2022-3912HistoryDec 12, 2022 - 6:15 p.m.
CVE-2022-3912
2022-12-1218:15:11
CWE-434
WPScan
web.nvd.nist.gov
36
cve
user registration
wordpress plugin
file upload
security vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
46.5%
The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.
Affected configurations
Node
wpeverestuser_registrationRange<2.2.4.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpeverest | user_registration | * | cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "User Registration",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.2.4.1"
}
],
"defaultStatus": "unaffected"
}
]Related
wpexploit
wpexploit
User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload
2022-11-21 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2022-3912
2022-12-12 18:15:11
wpvulndb
wpvulndb
User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload
2022-11-21 00:00:00
prion
prion
Default credentials
2022-12-12 18:15:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
46.5%
Related for CVE-2022-3912