CVE-2022-1273

Published: May 2, 2022Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE

Affected (1)

Products: Importwp: Import Wp

Importwp

1 product

Import Wp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Importwp Import Wp	Before 2.4.6

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.