CVE-2022-3244 (GCVE-0-2022-3244)
Vulnerability from cvelistv5 – Published: 2022-10-17 00:00 – Updated: 2025-05-13 15:55
Title
Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation
Summary
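The Import all XML, CSV & TXT WordPress plugin before 6.5.8 lacks authorisation checks in some places, which could allow any authenticated user to access some of the plugin's features if they manage to obtain the related nonce. A WordPress nonce is an anti-CSRF token rather than an access-control check, so the affected handlers also need an explicit capability check; sites running the plugin should be on 6.5.8 or later.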
Severity
4.2 (Medium) — CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE
- CWE-862 - Missing Authorization
Assigner
WPScan
References
- https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Import all XML, CSV & TXT into WordPress | Affected: 6.5.8 , < 6.5.8 (custom), i.e. versions before 6.5.8; the NVD CPE match uses versionEndExcluding 6.5.8 |
Credits
Sanjay Das
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3244",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:54:21.900462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:55:04.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Import all XML, CSV \u0026 TXT into WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.5.8",
"status": "affected",
"version": "6.5.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sanjay Das"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Import all XML, CSV \u0026 TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Import all XML, CSV \u0026 TXT into WordPress \u003c 6.5.8 - Missing Authorisation",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3244",
"datePublished": "2022-10-17T00:00:00.000Z",
"dateReserved": "2022-09-20T00:00:00.000Z",
"dateUpdated": "2025-05-13T15:55:04.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:smackcoders:import_all_pages\\\\,_post_types\\\\,_products\\\\,_orders\\\\,_and_users_as_xml_\\\\\u0026_csv:*:*:*:*:wordpress:*:*:*\", \"versionEndExcluding\": \"6.5.8\", \"matchCriteriaId\": \"00F99057-7DDD-4C18-B8A3-B6FAE83B2820\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Import all XML, CSV \u0026 TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce\"}, {\"lang\": \"es\", \"value\": \"El plugin Import all XML, CSV \u0026amp; TXT de WordPress versiones anteriores a 6.5.8 no presenta autorizaci\\u00f3n en algunos lugares, lo que podr\\u00eda permitir a cualquier usuario autenticado acceder a algunas de las funciones del plugin si consigue conseguir el nonce relacionado\"}]",
"id": "CVE-2022-3244",
"lastModified": "2024-11-21T07:19:07.903",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 2.5}]}",
"published": "2022-10-17T12:15:10.657",
"references": "[{\"url\": \"https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"contact@wpscan.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-3244\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2022-10-17T12:15:10.657\",\"lastModified\":\"2025-05-13T16:15:20.770\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Import all XML, CSV \u0026 TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce\"},{\"lang\":\"es\",\"value\":\"El plugin Import all XML, CSV \u0026amp; TXT de WordPress versiones anteriores a 6.5.8 no presenta autorizaci\u00f3n en algunos lugares, lo que podr\u00eda permitir a cualquier usuario autenticado acceder a algunas de las funciones del plugin si consigue conseguir el nonce relacionado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"node
s\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:smackcoders:import_all_pages\\\\,_post_types\\\\,_products\\\\,_orders\\\\,_and_users_as_xml_\\\\\u0026_csv:*:*:*:*:wordpress:*:*:*\",\"versionEndExcluding\":\"6.5.8\",\"matchCriteriaId\":\"00F99057-7DDD-4C18-B8A3-B6FAE83B2820\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:00:10.691Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3244\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-13T15:54:21.900462Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-13T15:54:53.117Z\"}}], \"cna\": {\"title\": \"Import all XML, CSV \u0026 TXT into WordPress \u003c 6.5.8 - Missing Authorisation\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Sanjay Das\"}], \"affected\": [{\"vendor\": \"Unknown\", \"product\": \"Import all XML, CSV \u0026 TXT into WordPress\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.5.8\", \"lessThan\": \"6.5.8\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132\"}], \"x_generator\": \"WPScan CVE Generator\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Import all XML, CSV \u0026 TXT WordPress plugin before 6.5.8 does not have authorisation in some 
places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81\", \"shortName\": \"WPScan\", \"dateUpdated\": \"2022-10-17T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-3244\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-13T15:55:04.083Z\", \"dateReserved\": \"2022-09-20T00:00:00.000Z\", \"assignerOrgId\": \"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81\", \"datePublished\": \"2022-10-17T00:00:00.000Z\", \"assignerShortName\": \"WPScan\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.