Search criteria
2 vulnerabilities found for Import WP – Import and Export WordPress data to XML or CSV files by Unknown
CVE-2022-1273 (GCVE-0-2022-1273)
Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI?
Summary
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE
Severity ?
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Import WP – Import and Export WordPress data to XML or CSV files |
Affected:
2.4.6 , < 2.4.6
(custom)
|
Credits
ericfrank900528
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Import WP \u2013 Import and Export WordPress data to XML or CSV files",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.6",
"status": "affected",
"version": "2.4.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ericfrank900528"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:55",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Import WP \u003c 2.4.6 - Admin+ Arbitrary File Upload to RCE",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1273",
"STATE": "PUBLIC",
"TITLE": "Import WP \u003c 2.4.6 - Admin+ Arbitrary File Upload to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Import WP \u2013 Import and Export WordPress data to XML or CSV files",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.6",
"version_value": "2.4.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ericfrank900528"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1273",
"datePublished": "2022-05-02T16:05:55",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1273 (GCVE-0-2022-1273)
Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI?
Summary
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE
Severity ?
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Import WP – Import and Export WordPress data to XML or CSV files |
Affected:
2.4.6 , < 2.4.6
(custom)
|
Credits
ericfrank900528
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Import WP \u2013 Import and Export WordPress data to XML or CSV files",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.4.6",
"status": "affected",
"version": "2.4.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ericfrank900528"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:55",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Import WP \u003c 2.4.6 - Admin+ Arbitrary File Upload to RCE",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1273",
"STATE": "PUBLIC",
"TITLE": "Import WP \u003c 2.4.6 - Admin+ Arbitrary File Upload to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Import WP \u2013 Import and Export WordPress data to XML or CSV files",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.4.6",
"version_value": "2.4.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ericfrank900528"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1273",
"datePublished": "2022-05-02T16:05:55",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}