Unrated severityNVD Advisory· Published Dec 12, 2022· Updated Apr 22, 2025
User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload
CVE-2022-3912
Description
The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2.2.4.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.