Critical severity 9.8 · NVD Advisory · Published Jul 12, 2025 · Updated Jun 17, 2026
CVE-2020-36849
Description
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.
Affected products
- Range: <=3.0.3
- AIT Themes/AIT CSV import/export v5 Range: 0
References
- github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/wp_ait_csv_rce.rb (nvd, Exploit)
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_ait_csv_rce.rb (nvd, Exploit)
- wpscan.com/vulnerability/36e699a4-91f2-426d-ba14-26036fbfeaea (nvd, Exploit)
- www.acunetix.com/vulnerabilities/web/wordpress-plugin-ait-themes-csv-import-export-arbitrary-file-upload-3-0-3/ (nvd, Vendor Advisory)
- www.wordfence.com/threat-intel/vulnerabilities/id/cece751c-400d-42b4-9438-950d5aca51fc (nvd, Third Party Advisory)
- www.ait-themes.club/wordpress-plugins/csv-import-export/ (nvd, Product)