CVE-2022-3418
HIGH
WP All Import < 3.6.9 - Authenticated Arbitrary File Upload via XML/CSV Import
The Import any XML or CSV File to WordPress plugin before 3.6.9 does not properly filter which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files.
References (1)
Core References
Exploit, Third Party Advisory
https://wpscan.com/vulnerability/ccbb74f5-1b8f-4ea6-96bc-ddf62af7f94d
Scores
CVSS v3
7.2
EPSS
0.0110
EPSS Percentile
61.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
soflyy/wp_all_import
< 3.6.9
Published
Nov 07, 2022
Tracked Since
Feb 18, 2026