9 matches found
CVE-2022-1565
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wpallimportgetgz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary...
Exploit for Unrestricted Upload of File with Dangerous Type in Wpallimport Wp_All_Import
WordPress Plugin WP All Import = 3.6.7 - Thực thi mã từ xa R...
WordPress WP All Import 3.6.7 Remote Code Execution
Exploit Title: WP All Import v3.6.7 - Remote Code Execution RCE Authenticated Date: 11/05/2022 Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://www.wpallimport.com/ Software Link: https://wordpress.org/plugins/wp-all-import/advanced/ scroll down to select the...
WordPress WP All Import v3.6.7 - Remote Code Execution Exploit
Exploit Title: WP All Import v3.6.7 - Remote Code Execution RCE Authenticated Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://www.wpallimport.com/ Software Link: https://wordpress.org/plugins/wp-all-import/advanced/ scroll down to select the version Version: =...
WordPress Import any XML or CSV File to WordPress Plugin < 3.6.8 RCE Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-1565
creationtimestamp| type| source ---|---|--- 2022-07-18 20:39:52+00:00| seen| https://t.me/cibsecurity/46478 2023-03-29 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51122...
CVE-2022-1565
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wpallimportgetgz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary...
CVE-2022-1565
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wpallimportgetgz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary...
CVE-2022-1565
CVE-2022-1565 affects WP All Import for WordPress (versions up to 3.6.7). The vulnerability stems from missing file type validation in wp_all_import_get_gz.php, allowing authenticated administrators to upload arbitrary files to the server, with potential remote code execution. Public references i...