The vulnerability exists in the way the Front-End Users plugin handles file uploads through registration forms. There is no proper file extension validation, authentication checks, or file type ...