WordPress Plugin Vulnerabilities

User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload Leading to RCE

Description

The plugin does not validate the file types, and uses a hardcoded encryption key during the profile picture upload process. Authenticated users with minimal permissions, such as a subscriber, can thus upload arbitrary files, potentially leading to remote code execution.

Affects Plugins

Plugin icon
user-registration
Fixed in 3.0.2.1

References

CVE
CVE-2023-3342
URL
https://www.wordfence.com/blog/2023/07/interesting-arbitrary-file-upload-vulnerability-patched-in-user-registration-wordpress-plugin/

Miscellaneous

Original Researcher
István Márton
Verified
No
WPVDB ID
73d2c831-251e-4883-97ec-16a226f431d7

Timeline

Publicly Published
2023-07-14 (about 2 years ago)
Added
2023-07-14 (about 2 years ago)
Last Updated
2023-07-14 (about 2 years ago)

Other

Published
Title
Published
2021-04-02
Title
Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE
Published
2014-08-01
Title
Smart Slideshow - upload.php Multiple File Extension Upload Arbitrary Code Execution
Published
2014-10-06
Title
Infusionsoft Gravity Forms 1.5.3 - 1.5.10 Arbitrary File Upload
Published
2024-12-30
Title
WPMasterToolKit < 1.14.0 - Authenticated (Admin+) Arbitrary File Upload
Published
2025-01-20
Title
Post/Page Copying Tool to Export and Import post/page for Cross site Migration < 2.0.4 - Authenticated (Contributor+) Arbitrary File Upload