Lucene search

[email protected]NVD:CVE-2022-2711

HistoryNov 07, 2022 - 10:15 a.m.

CVE-2022-2711

2022-11-0710:15:11

CWE-22

[email protected]

web.nvd.nist.gov

wordpress

plugin vulnerability

file system access

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

35.6%

JSON

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.

Affected configurations

Nvd

Node

soflyywp_all_importRange<3.6.9wordpress

VendorProductVersionCPE
soflyywp_all_import*cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
soflyy	wp_all_import	*	cpe:2.3:a:soflyy:wp_all_import::::::wordpress::*

References

wpscan.com/vulnerability/11e73c23-ff5f-42e5-a4b0-0971652dcea1

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

35.6%

JSON

Related for NVD:CVE-2022-2711

cve1 wpvulndb1 prion1 cvelist1 wpexploit1 openvas1