CVE-2022-1008

Published: Apr 11, 2022Modified: Jun 17, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed

Affected (1)

Products: Ocdi: One Click Demo Import

Ocdi

1 product

One Click Demo Import

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ocdi One Click Demo Import	Before 3.1.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://plugins.trac.wordpress.org/changeset/2695999

Source: contact@wpscan.com

PatchThird Party Advisory

https://wpscan.com/vulnerability/0c2e2b4d-49eb-4fd9-b9f0-3feae80c1082

Source: contact@wpscan.com

ExploitPatchThird Party Advisory

https://plugins.trac.wordpress.org/changeset/2695999

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://wpscan.com/vulnerability/0c2e2b4d-49eb-4fd9-b9f0-3feae80c1082

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.