Lucene search
HistoryNov 07, 2022 - 10:15 a.m.
CVE-2022-3418
wordpress
plugin
file uploads
security vulnerability
cve-2022-3418
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
44.9%
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files
Affected configurations
Node
soflyywp_all_importRange<3.6.9wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| soflyy | wp_all_import | * | cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2022-3418
2022-11-07 10:15:11
wpvulndb
wpvulndb
WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE
2022-10-14 00:00:00
wpexploit
wpexploit
WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE
2022-10-14 00:00:00
prion
prion
Design/Logic Flaw
2022-11-07 10:15:00
cvelist
cvelist
CVE-2022-3418 WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE
2022-11-07 00:00:00
openvas
openvas
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
44.9%
Related for NVD:CVE-2022-3418