Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:B469D595-14FA-4514-A79D-CDEC7BAF8A64
HistoryJun 28, 2022 - 12:00 a.m.

Import any XML or CSV File to WordPress < 3.6.8 - Admin+ Arbitrary Code Execution

2022-06-2800:00:00
wpscan.com
9
wordpress
importing
xml
csv
admin
arbitrary code execution
rce
security

EPSS

0.001

Percentile

47.2%

JSON

The plugin allows high privilege users such as admin to import zip archives containing PHP files, which could allow admin of multisite setup to perform RCE attacks

Related

nvd 1
prion 1
cvelist 1
openvas 1
patchstack 1
cve 1
nvd
nvd
CVE-2022-36386
2022-09-21 20:15:10
prion
prion
Remote code execution
2022-09-21 20:15:00
cvelist
cvelist
CVE-2022-36386 WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability
2022-09-21 19:02:24
openvas
openvas
WordPress Import any XML or CSV File to WordPress Plugin < 3.6.8 RCE Vulnerability
2022-11-08 00:00:00
patchstack
patchstack
WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability
2022-06-28 00:00:00
cve
cve
CVE-2022-36386
2022-09-21 20:15:10

EPSS

0.001

Percentile

47.2%

JSON
Related for WPVDB-ID:B469D595-14FA-4514-A79D-CDEC7BAF8A64
nvd1prion1cvelist1openvas1patchstack1cve1