CVE-2022-36386 WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability

2022-09-2119:02:24

Patchstack

www.cve.org

cve-2022-36386

wordpress

import

xml

csv

file

plugin

soflyy

authenticated

arbitrary code execution

vulnerability

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.

CNA Affected

[
  {
    "product": "Import any XML or CSV File to WordPress (WordPress plugin)",
    "vendor": "Soflyy",
    "versions": [
      {
        "lessThanOrEqual": "3.6.7",
        "status": "affected",
        "version": "<= 3.6.7",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-all-import/wordpress-import-any-xml-or-csv-file-to-wordpress-plugin-3-6-7-authenticated-arbitrary-code-execution-vulnerability

wordpress.org/plugins/wp-all-import/#developers