On June 19, 2023, the Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Arbitrary File Upload vulnerability in WPEverest’s User Registration plugin, which is actively installed on more than 60,000 WordPress websites. This vulnerability makes it possible for an authenticated attacker with minimal permissions, such as a subscriber, to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.
All users of Wordfence received a firewall rule to protect against any exploits targeting this vulnerability by July 20, 2023.
We contacted WPEverest on June 19, 2023, and received a response the same day. After we provided full disclosure details, the developer released the first patch, which did not fully address the vulnerability, in version 3.0.2 on June 29, 2023. A fully patched version, 3.0.2.1, was released on July 4, 2023. We would like to commend the WPEverest development team for their prompt response and timely patch.
We urge users to update their sites with the latest patched version of User Registration, which is version 3.0.2.1 at the time of this writing, as soon as possible.
Source and more details: https://www.wordfence.com/blog/2023/07/interesting-arbitrary-file-upload-vulnerability-patched-in-user-registration-wordpress-plugin