← Back

CVE-2020-36849

nvd nist
Published: Jul 12, 2025Modified: Mar 4, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: security@wordfence.com (Secondary)

Description

The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Affected (1)

Ait Themes
1 product
Csv Import / Export
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Csv Import / Export
Up to 3.0.3

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (7)

Source: security@wordfence.com
Exploit
Source: security@wordfence.com
Exploit
Source: security@wordfence.com
Exploit
Source: security@wordfence.com
Vendor Advisory
Source: security@wordfence.com
Product
Source: security@wordfence.com
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit

Timeline

No history available yet.