Lucene search

WPScanCVE-2023-7082

HistoryJan 22, 2024 - 8:15 p.m.

CVE-2023-7082

2024-01-2220:15:47

WPScan

web.nvd.nist.gov

wordpress

plugin

security

vulnerability

cve-2023-7082

nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%

JSON

The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution.

Affected configurations

Nvd

Vulners

Node

soflyyexport_any_wordpress_data_to_xml\/csvRange<3.7.3wordpress

VendorProductVersionCPE
soflyyexport_any_wordpress_data_to_xml\/csv*cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\/csv:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
soflyy	export_any_wordpress_data_to_xml\/csv	*	cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\/csv::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Import any XML or CSV File to WordPress",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.7.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/7f947305-7a72-4c59-9ae8-193f437fd04e/

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%

JSON

Related for CVE-2023-7082