CVE-2022-2268
CVE-2022-2268 concerns the WordPress plugin “Import any XML or CSV File to WordPress” (versions before 3.6.8). The vulnerability arises because the plugin accepts all ZIP files and automatically extracts them without validating the extracted file type, enabling high-privilege users (e.g., admins)...