The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high-privilege users such as admin to upload an arbitrary file such as PHP, leading to RCE.

References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/578093db-a025-4148-8c4b-ec2df31743f7 | Exploit Third Party Advisory | 
Information
Published : 2022-07-04 13:15
Updated : 2024-11-21 07:00
NVD link : CVE-2022-2268
Mitre link : CVE-2022-2268
CVE.ORG link : CVE-2022-2268
Products Affected
soflyy
- wp_all_import
CWE
CWE-434: Unrestricted Upload of File with Dangerous Type
