CVE-2022-1273

HIGH

Import WP WordPress Plugin < 2.4.6 - Authenticated Arbitrary File Upload and Remote Code Execution

Title source: llm
STIX 2.1

Description

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603

Scores

CVSS v3 7.2
EPSS 0.0147
EPSS Percentile 70.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
importwp/import_wp < 2.4.6
Published May 02, 2022
Tracked Since Feb 18, 2026