Description
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high-privilege users such as admin to perform Blind SSRF attacks.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 6.5.3 (exclusive)
cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:wordpress:*:*:*
EPSS
Percentile: 72%
0.00723
Low
CVSS3: 7.2 High
CVSS2: 6 Medium
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 7.2
github
more than 3 years ago
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high-privilege users such as admin to perform Blind SSRF attacks.