PT-2022-24743 · WordPress · User Registration

Cydave · Published 2022-12-12 · Updated 2022-12-14 · CVE-2022-3912

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: User Registration WordPress plugin versions prior to 2.2.4.1

Description: The issue concerns the improper restriction of file uploads via an AJAX action, which is accessible to both unauthenticated and authenticated users. This could allow unauthenticated users to upload PHP files, for example.

Recommendations: For versions prior to 2.2.4.1, update to version 2.2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action used for file uploads to prevent unauthenticated users from uploading malicious files.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2022-3912

Affected Products: User Registration