CNVD (China National Vulnerability Database): CNVD-2022-54363
History: Jun 30, 2022 - 12:00 a.m.

WordPress HTML2WP plugin arbitrary file upload vulnerability

2022-06-30 00:00:00
China National Vulnerability Database
www.cnvd.org.cn

EPSS: 0.05 (Low), percentile 92.9%

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP, and a WordPress plugin is an application plugin for it. WordPress HTML2WP plugin 1.0.0 and earlier versions contain an arbitrary file upload vulnerability: the file import function performs no authorization or CSRF checks and does not require authentication, so an unauthenticated attacker can use this vulnerability to upload arbitrary files (such as PHP) to a remote server.

CPE
Name | Operator | Version
WordPress HTML2WP plugin | le | 1.0.0
