Lucene search

[email protected]NVD:CVE-2023-7082

HistoryJan 22, 2024 - 8:15 p.m.

CVE-2023-7082

2024-01-2220:15:47

[email protected]

web.nvd.nist.gov

wordpress

plugin

zip file

vulnerability

remote code execution

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%

JSON

The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution.

Affected configurations

Nvd

Node

soflyyexport_any_wordpress_data_to_xml\/csvRange<3.7.3wordpress

VendorProductVersionCPE
soflyyexport_any_wordpress_data_to_xml\/csv*cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\/csv:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
soflyy	export_any_wordpress_data_to_xml\/csv	*	cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\/csv::::::wordpress::*

References

wpscan.com/vulnerability/7f947305-7a72-4c59-9ae8-193f437fd04e/

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%

JSON

Related for NVD:CVE-2023-7082

cvelist1 cve1 wpvulndb1 prion1 wpexploit1