CVE-2022-3912

HIGH

Wpeverest User Registration < 2.2.4.1 - Unrestricted File Upload

Title source: rule

Description

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files that can be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload, for example, PHP files.

References (1)

Core References
Exploit, Third Party Advisory; exploit, vdb-entry, technical-description
https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74

Scores

CVSS v3 7.5
EPSS 0.0048
EPSS Percentile 65.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-434
Status published
Products (1)
wpeverest/user_registration < 2.2.4.1
Published Dec 12, 2022
Tracked Since Feb 18, 2026