CVE-2022-3912

Exploit

EPSS 0.32%
Published 12.12.2022 18:15:11
Last modified 22.04.2025 16:15:35
Source contact@wpscan.com
Teams watchlist Login
Open Login

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Wpeverest ≫ User Registration SwPlatformwordpress Version < 2.2.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.547

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-3912

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3912

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3912

EUVD