Lucene search
WpvulndbWPVDB-ID:73D2C831-251E-4883-97EC-16A226F431D7HistoryJul 14, 2023 - 12:00 a.m.
User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload Leading to RCE
2023-07-1400:00:00
wpscan.com
26
user registration
arbitrary file upload
rce
encryption key
permissions
EPSS
0.007
Percentile
80.5%
The plugin does not validate the file types, and uses a hardcoded encryption key during the profile picture upload process. Authenticated users with minimal permissions, such as a subscriber, can thus upload arbitrary files, potentially leading to remote code execution.
Related
prion
prion
Hardcoded credentials
2023-07-13 03:15:00
cvelist
cvelist
CVE-2023-3342
2023-07-13 02:04:15
thn
thn
AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plaintext
2023-07-14 11:07:00
wordfence
wordfence
Interesting Arbitrary File Upload Vulnerability Patched in User Registration WordPress Plugin
2023-07-12 13:07:52
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
wpvulndb
wpvulndb
User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload
2023-07-12 00:00:00
nvd
nvd
CVE-2023-3342
2023-07-13 03:15:10
cve
cve
CVE-2023-3342
2023-07-13 03:15:10
packetstorm
packetstorm
WordPress User Registration 3.0.2 Arbitrary File Upload
2023-07-12 00:00:00