CVE-2023-3342

CRITICAL

WordPress User Registration <3.0.2 - RCE

Title source: llm

Description

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/173434/WordPress-User-Registration-3.0.2-Arbitrary-File-Upload.html

Exploit, Third Party Advisory

https://lana.codes/lanavdb/c0a58dff-7a5b-4cc0-82d6-2255e61d801c/

Patch

https://plugins.trac.wordpress.org/browser/user-registration/tags/3.0.1/includes/functions-ur-core.php#L3156

Patch

https://plugins.trac.wordpress.org/changeset/2933689/user-registration/trunk/includes/functions-ur-core.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=cve

Scores

CVSS v3 9.9

EPSS 0.0640

EPSS Percentile 91.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

wpeverest/User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder < 3.0.2

wpeverest/user_registration < 3.0.2.1

Published Jul 13, 2023

Tracked Since Feb 18, 2026