Lucene search
WPScanCVE-2022-3418HistoryNov 07, 2022 - 10:15 a.m.
CVE-2022-3418
2022-11-0710:15:11
CWE-94
WPScan
web.nvd.nist.gov
57
4
wordpress
plugin
security
arbitrary file upload
cve-2022-3418
nvd
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
44.9%
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files
Affected configurations
Node
soflyywp_all_importRange<3.6.9wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| soflyy | wp_all_import | * | cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Import any XML or CSV File to WordPress",
"versions": [
{
"version": "3.6.9",
"status": "affected",
"lessThan": "3.6.9",
"versionType": "custom"
}
]
}
]Social References
More
Related
wpexploit
wpexploit
WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE
2022-10-14 00:00:00
prion
prion
Design/Logic Flaw
2022-11-07 10:15:00
cvelist
cvelist
CVE-2022-3418 WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE
2022-11-07 00:00:00
nvd
nvd
CVE-2022-3418
2022-11-07 10:15:11
wpvulndb
wpvulndb
WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE
2022-10-14 00:00:00
openvas
openvas
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
44.9%
Related for CVE-2022-3418