Lucene search
WPScanCVE-2022-3244HistoryOct 17, 2022 - 12:15 p.m.
CVE-2022-3244
2022-10-1712:15:10
CWE-862
WPScan
web.nvd.nist.gov
38
3
cve-2022-3244
import all xml
csv & txt
wordpress plugin
authorization
authenticated users
nonce
security vulnerability
CVSS3
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
4.3
Confidence
High
EPSS
0.001
Percentile
23.0%
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce
Affected configurations
Node
smackcodersimport_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csvRange<6.5.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| smackcoders | import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv | * | cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:wordpress:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Import all XML, CSV & TXT into WordPress",
"versions": [
{
"version": "6.5.8",
"status": "affected",
"lessThan": "6.5.8",
"versionType": "custom"
}
]
}
]Social References
More
Related
patchstack
patchstack
cvelist
cvelist
prion
prion
Design/Logic Flaw
2022-10-17 12:15:00
wpvulndb
wpvulndb
Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation
2022-09-20 00:00:00
nvd
nvd
CVE-2022-3244
2022-10-17 12:15:10
CVSS3
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
4.3
Confidence
High
EPSS
0.001
Percentile
23.0%
Related for CVE-2022-3244