{"api_version":"1","generated_at":"2026-04-23T05:58:01+00:00","cve":"CVE-2023-3342","urls":{"html":"https://cve.report/CVE-2023-3342","api":"https://cve.report/api/cve/CVE-2023-3342.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3342","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3342"},"summary":{"title":"User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload","description":"The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.","state":"PUBLISHED","assigner":"Wordfence","published_at":"2023-07-13 03:15:10","updated_at":"2026-04-08 19:18:24"},"problem_types":["CWE-434","CWE-434 CWE-434 Unrestricted Upload of File with Dangerous Type"],"metrics":[{"version":"3.1","source":"security@wordfence.com","type":"Secondary","score":"9.9","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"9.9","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","data":{"baseScore":9.9,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/user-registration/tags/3.0.1/includes/functions-ur-core.php#L3156","name":"https://plugins.trac.wordpress.org/browser/user-registration/tags/3.0.1/includes/functions-ur-core.php#L3156","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"403 Forbidden","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://lana.codes/lanavdb/c0a58dff-7a5b-4cc0-82d6-2255e61d801c/","name":"https://lana.codes/lanavdb/c0a58dff-7a5b-4cc0-82d6-2255e61d801c/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"User Registration by WPEverest WordPess plugin Arbitrary File Upload – Lana Codes","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://plugins.trac.wordpress.org/changeset/2933689/user-registration/trunk/includes/functions-ur-core.php","name":"https://plugins.trac.wordpress.org/changeset/2933689/user-registration/trunk/includes/functions-ur-core.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"403 Forbidden","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"http://packetstormsecurity.com/files/173434/WordPress-User-Registration-3.0.2-Arbitrary-File-Upload.html","name":"http://packetstormsecurity.com/files/173434/WordPress-User-Registration-3.0.2-Arbitrary-File-Upload.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"WordPress User Registration 3.0.2 Arbitrary File Upload ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=cve","name":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=cve","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3342","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3342","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"wpeverest","product":"User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder","version":"affected 3.0.2 semver","platforms":[]},{"source":"ADP","vendor":"wpeverest","product":"user_registration","version":"affected 3.0.2 custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2023-06-19T00:00:00.000Z","lang":"en","value":"Discovered"},{"source":"CNA","time":"2023-06-19T00:00:00.000Z","lang":"en","value":"Vendor Notified"},{"source":"CNA","time":"2023-07-04T00:00:00.000Z","lang":"en","value":"Disclosed"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"István Márton","lang":"en"}],"nvd_cpes":[{"cve_year":"2023","cve_id":"3342","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wpeverest","cpe5":"user_registration","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2023","cve_id":"3342","cve":"CVE-2023-3342","epss":"0.063960000","percentile":"0.910200000","score_date":"2026-04-09","updated_at":"2026-04-10 00:07:03"},"legacy_qids":[{"cve":"CVE-2023-3342","qid":"731141","title":"WordPress User Registration Arbitrary File Upload Vulnerability"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-02T06:55:03.306Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=cve"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/user-registration/tags/3.0.1/includes/functions-ur-core.php#L3156"},{"tags":["x_transferred"],"url":"https://lana.codes/lanavdb/c0a58dff-7a5b-4cc0-82d6-2255e61d801c/"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/changeset/2933689/user-registration/trunk/includes/functions-ur-core.php"},{"tags":["x_transferred"],"url":"http://packetstormsecurity.com/files/173434/WordPress-User-Registration-3.0.2-Arbitrary-File-Upload.html"}],"title":"CVE Program Container"},{"affected":[{"cpes":["cpe:2.3:a:wpeverest:user_registration:-:*:*:*:*:wordpress:*:*"],"defaultStatus":"unknown","product":"user_registration","vendor":"wpeverest","versions":[{"lessThanOrEqual":"3.0.2","status":"affected","version":"0","versionType":"custom"}]}],"metrics":[{"other":{"content":{"id":"CVE-2023-3342","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-10-16T20:09:34.058838Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-10-16T20:10:13.632Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder","vendor":"wpeverest","versions":[{"lessThanOrEqual":"3.0.2","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"István Márton"}],"descriptions":[{"lang":"en","value":"The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1."}],"metrics":[{"cvssV3_1":{"baseScore":9.9,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-08T17:14:07.557Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=cve"},{"url":"https://plugins.trac.wordpress.org/browser/user-registration/tags/3.0.1/includes/functions-ur-core.php#L3156"},{"url":"https://lana.codes/lanavdb/c0a58dff-7a5b-4cc0-82d6-2255e61d801c/"},{"url":"https://plugins.trac.wordpress.org/changeset/2933689/user-registration/trunk/includes/functions-ur-core.php"}],"timeline":[{"lang":"en","time":"2023-06-19T00:00:00.000Z","value":"Discovered"},{"lang":"en","time":"2023-06-19T00:00:00.000Z","value":"Vendor Notified"},{"lang":"en","time":"2023-07-04T00:00:00.000Z","value":"Disclosed"}],"title":"User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload"}},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2023-3342","datePublished":"2023-07-13T02:04:15.320Z","dateReserved":"2023-06-20T17:21:43.299Z","dateUpdated":"2026-04-08T17:14:07.557Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2023-07-13 03:15:10","lastModifiedDate":"2026-04-08 19:18:24","problem_types":["CWE-434","CWE-434 CWE-434 Unrestricted Upload of File with Dangerous Type"],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"3.0.2.1","matchCriteriaId":"43B8E05C-039C-438F-8E54-430BAC20DF56"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"3342","Ordinal":"1","Title":"User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitra","CVE":"CVE-2023-3342","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"3342","Ordinal":"1","NoteData":"The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.","Type":"Description","Title":"User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitra"}]}}}