← Back

CVE-2024-13562

nvd nist
Published: Jan 25, 2025Modified: Feb 4, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: security@wordfence.com (Secondary)

Description

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files.

Affected (1)

Products: Importwp: Import Wp
Importwp
1 product
Import Wp
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Import Wp
Before 2.14.6

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

Source: security@wordfence.com
Patch
Source: security@wordfence.com
Third Party Advisory

Timeline

No history available yet.