Lucene search
K

CVE-2023-3342

🗓️ 13 Jul 2023 02:04:15Reported by WordfenceType 
cve
 cve
🔗 web.nvd.nist.gov👁 124 Views🌐 WEB

WordPress User Registration plugin allows arbitrary file uploads up to version 3.0.

Related
Detection
Affected
Refs
Paths
NVD
Vulners
Vulnrichment
Node
wpeverestuser_registrationRange<3.0.2.1wordpress
[
  {
    "vendor": "wpeverest",
    "product": "User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.0.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
ParameterPositionPathDescriptionCWE
upload_filesrequest bodyuser_registration_profile_pic_upload-http-requestArbitrary file upload via the profile_pic_upload flow due to missing file type validation and hardcoded encryption key.CWE-434
profile_picrequest bodyuser_registration_profile_pic_upload-http-requestArbitrary file upload via the profile_pic_upload flow due to missing file type validation and hardcoded encryption key.CWE-434
filerequest bodyuser_registration_profile_pic_upload-http-requestArbitrary file upload via the profile_pic_upload flow due to missing file type validation and hardcoded encryption key.CWE-434
upload_filesrequest bodysave_profile_details-http-requestMove/rename uploaded file during profile save without proper validation, enabling potential arbitrary file placement/execution.CWE-434
encrypted_datarequest bodysave_profile_details-http-requestMove/rename uploaded file during profile save without proper validation, enabling potential arbitrary file placement/execution.CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 06:13Current
9.5High risk
Vulners AI Score9.5
CVSS 3.19.9
EPSS0.01454
SSVC
124