CVE-2026-4882 - User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
CVE ID :CVE-2026-4882 Published : May 2, 2026, 5:16 a.m. | 51 minutes ago Description :The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and in
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Data thieft: A 15-year-old minor arrested
- [CYBER] From Prompt to Production: AYW Workflow Case Study
- [CYBER] Energy Security for “The Africa We Want”: Turning a Global Shock into a Continental Reset
- [CYBER] CVE-2026-6229 - Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter
- [CYBER] CVE-2026-6457 - Geo Mashup <= 1.13.19 - Authenticated (Subscriber+) SQL Injection via 'geo_mashup_null_fields' Parameter
- [CYBER] CVE-2026-6449 - Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint