Lucene search
K

7 matches found

NVD
NVD
added 2023/07/13 3:15 a.m.66 views

CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

9.9CVSS0.01691EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2023/07/13 2:4 a.m.21 views

CVE-2023-3342 User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

9.9CVSS8AI score0.01691EPSS
Exploits2References4
CVE
CVE
added 2023/07/13 2:4 a.m.125 views

CVE-2023-3342

The CVE-2023-3342 entry concerns the WordPress User Registration plugin (versions ≤ 3.0.2). The vulnerability arises from a hardcoded encryption key and missing file type validation in the ur_upload_profile_pic function, allowing authenticated users with subscriber-level privileges or higher to u...

9.9CVSS9.5AI score0.01691EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2023/07/13 2:4 a.m.62 views

CVE-2023-3342 User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

9.9CVSS9.8AI score0.01691EPSS
Exploits2References4
Wordfence Blog
Wordfence Blog
added 2023/07/12 1:7 p.m.34 views

Interesting Arbitrary File Upload Vulnerability Patched in User Registration WordPress Plugin

On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File Upload vulnerability in WPEverest’s User Registration plugin, which is actively installed on more than 60,000 WordPress websites. This vulnerability makes it...

6.5CVSS7.6AI score0.01691EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/07/12 12:0 a.m.302 views

WordPress User Registration 3.0.2 Arbitrary File Upload

Description: User Registration = 3.0.2 – Authenticated Subscriber+ Arbitrary File Upload Affected Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress Plugin Slug: user-registration Affected Versions: = 3.0.2 CVE ID: CVE-2023-3342 CVSS Score: 9.9 Critica...

7.1AI score0.01691EPSS
Exploits2
Patchstack
Patchstack
added 2023/07/04 12:0 a.m.26 views

WordPress User Registration Plugin <= 3.0.2 is vulnerable to Arbitrary File Upload

Software User Registration Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.2.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-3342 Patch priority High CVSS severity High 9.9 Developer Masteriyo PSID 9e6954072452 Credits István Márton Required privilege Subscribe...

9.9CVSS6.8AI score0.01691EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder