Unrated severityNVD Advisory· Published Jul 4, 2022· Updated Aug 3, 2024
WP All Import < 3.6.8 - Admin+ Arbitrary File Upload
CVE-2022-2268
Description
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.6.8+ 1 more
- (no CPE)range: <3.6.8
- (no CPE)range: <3.6.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/578093db-a025-4148-8c4b-ec2df31743f7mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.