CVE-2022-1273

Summary

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE

Affected Software

VendorProductVersion RangeStatus
UnknownImport WP – Import and Export WordPress data to XML or CSV files2.4.6 < 2.4.6affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

References