Lucene search
User Registration Security Vulnerabilities - CVSS Score 9 - 10
cve
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-l...
9.9CVSS
9.5AI Score
0.007EPSS
2023-07-13 03:15 AM
78