WordPress Plugin Vulnerabilities

User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload

Description

The plugin uses a static encryption key and does not validate the file path when renaming profile pictures, which could allow any authenticated users, such as subscriber, to upload arbitrary files such as PHP on the server

Affects Plugins

Plugin icon
user-registration
Fixed in 3.0.2.1

References

CVE
CVE-2023-3342
URL
https://www.wordfence.com/blog/2023/07/interesting-arbitrary-file-upload-vulnerability-patched-in-user-registration-wordpress-plugin/

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
74c48535-acd2-49e6-9fd2-99754aa6fda0

Timeline

Publicly Published
2023-07-12 (about 2 years ago)
Added
2023-07-12 (about 2 years ago)
Last Updated
2023-07-12 (about 2 years ago)

Other

Published
Title
Published
2015-03-29
Title
VideoWhisper Video Presentation 3.31.17 - Remote File Upload
Published
2026-01-13
Title
Restaurt <= 1.0.4 - Authenticated (subscriber+) Arbitrary File Upload
Published
2025-04-26
Title
CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload
Published
2014-08-01
Title
Amerisale-Re - Remote Shell Upload
Published
2020-12-17
Title
Contact Form 7 < 5.3.2 - Unrestricted File Upload