5 matches found
CVE-2026-4882
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-4882
The CVE concerns the WordPress plugin “User Registration Advanced Fields” (URAF). Vulnerable code path: URAF_AJAX::method_upload, with missing file type validation, across all versions up to and including 1.6.20. This permits unauthenticated attackers to upload arbitrary files on the affected sit...
CVE-2026-4882 User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-4882 User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAFAJAX::methodupload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
PT-2026-36566
Name of the Vulnerable Software and Affected Versions User Registration Advanced Fields versions prior to 1.6.21 Description The User Registration Advanced Fields plugin for WordPress allows unauthenticated attackers to upload arbitrary files to the server. This issue stems from missing file type...