CVE-2023-3342 — Unrestricted File Upload in User Registration

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.9CRITICALNVD

EPSS

6.4%

top 8.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpeverest User Registration

Timeline

PublishedJul 13

Description

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in versio…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages1 packages

▶NVDwpeverest/user_registration< 3.0.2.1

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-4q7m-mf5f-23v3: The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation↗2023-07-13

▶

CVEList

User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload↗2023-07-13

▶