Security Advisory

CVE-2022-3912

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-12-12 17:54:35

Last updated 2025-04-22 15:33:37

Assigner WPScan

State PUBLISHED

Description

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

← Browse all CVEs View on cve.org ↗