Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:0 a.m.14 views

CVE-2022-2711

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vect...

7.2CVSS6.8AI score0.03187EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2022/11/08 12:0 a.m.17 views

WordPress Import any XML or CSV File to WordPress Plugin < 3.6.9 Multiple File Upload Vulnerabilities

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

7.2CVSS7AI score0.03187EPSS
Exploits4References2
OSV
OSV
added 2022/11/07 10:15 a.m.3 views

CVE-2022-2711

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vect...

7.2CVSS5.9AI score0.03187EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/11/07 12:0 a.m.9 views

CVE-2022-2711 WP All Import < 3.6.9 - Admin+ Directory traversal via file upload

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vect...

7AI score0.03187EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/11/07 12:0 a.m.40 views

CVE-2022-2711 WP All Import < 3.6.9 - Admin+ Directory traversal via file upload

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vect...

7.1AI score0.03187EPSS
Exploits2References1
CVE
CVE
added 2022/11/07 12:0 a.m.62 views

CVE-2022-2711

CVE-2022-2711 affects the WordPress plugin WP All Import (Import any XML or CSV File to WordPress) prior to version 3.6.9. The issue is improper validation of file paths for files inside uploaded zip archives, enabling highly privileged users (admins) to perform path traversal and write arbitrary...

7.2CVSS7AI score0.03187EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder