High severity7.2NVD Advisory· Published Jul 18, 2022· Updated Apr 8, 2026
CVE-2022-1565
CVE-2022-1565
Description
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- plugins.trac.wordpress.org/changeset/2749264/wp-all-import/trunknvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03nvdThird Party Advisory
- www.wordfence.com/vulnerability-advisories/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.