VYPR

User Registration Advanced Fields

by WordPress

CVEs (1)

  • CVE-2026-4882CriMay 2, 2026
    risk 0.64cvss 9.8epss 0.01

    The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to…