exploitDog

CVE-2022-36386

Опубликовано: 21 сент. 2022

Источник: nvd

CVSS3: 9.1

CVSS3: 7.2

EPSS Низкий

Описание

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.

Ссылки

https://patchstack.com/database/vulnerability/wp-all-import/wordpress-import-any-xml-or-csv-file-to-wordpress-plugin-3-6-7-authenticated-arbitrary-code-execution-vulnerability
Third Party Advisory
https://wordpress.org/plugins/wp-all-import/#developers
Product
Release Notes
https://patchstack.com/database/vulnerability/wp-all-import/wordpress-import-any-xml-or-csv-file-to-wordpress-plugin-3-6-7-authenticated-arbitrary-code-execution-vulnerability
Third Party Advisory
https://wordpress.org/plugins/wp-all-import/#developers
Product
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:*

Версия до 3.6.7 (включая)

EPSS

Процентиль: 86%

0.02942

Низкий

9.1 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-434

CWE-94

Связанные уязвимости

GHSA-27v6-4m9p-3qq4

CVSS3: 7.2

github

почти 3 года назад

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.

EPSS

Процентиль: 86%

0.02942

Низкий

9.1 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-434

CWE-94