{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-3912","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","requesterUserId":"dc9e157c-ddf1-4983-adaf-9f01d16b5e04","dateReserved":"2022-11-09T14:25:36.870Z","datePublished":"2022-12-12T17:54:35.983Z","dateUpdated":"2025-04-22T15:33:37.802Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2022-12-12T17:54:35.983Z"},"title":"User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload","problemTypes":[{"descriptions":[{"description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"User Registration","collectionURL":"https://wordpress.org/plugins","versions":[{"status":"affected","versionType":"custom","version":"0","lessThan":"2.2.4.1"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example."}],"references":[{"url":"https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"cydave","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:20:58.758Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/968c677c-1beb-459b-8fd1-7f70bcaa4f74","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-22T15:33:08.787287Z","id":"CVE-2022-3912","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-22T15:33:37.802Z"}}]}}