History: Jun 27, 2022 - 8:59 a.m.

CVE-2022-1977 WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF

2022-06-27 08:59:05
CWE-918
WPScan
www.cve.org

EPSS: 0.001 (Low); Percentile: 38.3%

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high-privilege users such as admin to perform Blind SSRF attacks.

CNA Affected

[
  {
    "product": "Import Export All WordPress Images, Users & Post Types",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "6.5.3",
        "status": "affected",
        "version": "6.5.3",
        "versionType": "custom"
      }
    ]
  }
]
