2 matches found
CVE-2022-1273 Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE...
CVE-2022-1273
The CVE-2022-1273 entry concerns the WordPress Import WP plugin prior to version 2.4.6. The vulnerability: the plugin does not validate the imported file in certain scenarios, allowing high-privilege users (e.g., admins) to upload arbitrary files (including PHP), which can lead to remote code exe...