Description
The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.2.4.1 (excluding)
cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*
EPSS: 0.0048 (Low), percentile: 65%
CVSS3: 7.5 High
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 7.5
github
about 3 years ago
The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.