exploitDog

CVE-2022-3418

Опубликовано: 07 нояб. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files

Ссылки

https://wpscan.com/vulnerability/ccbb74f5-1b8f-4ea6-96bc-ddf62af7f94d
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ccbb74f5-1b8f-4ea6-96bc-ddf62af7f94d
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:*

Версия до 3.6.9 (исключая)

EPSS

Процентиль: 80%

0.01356

Низкий

7.2 High

CVSS3

Дефекты

CWE-94

CWE-94

Связанные уязвимости

GHSA-qff8-jrqx-8xjm

CVSS3: 7.2

github

больше 3 лет назад

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files

EPSS

Процентиль: 80%

0.01356

Низкий

7.2 High

CVSS3

Дефекты

CWE-94

CWE-94