The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-07-18T00:00:00
Updated: 2024-08-03T00:10:03.489Z
Reserved: 2022-05-03T00:00:00
Link: CVE-2022-1565
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-07-18T17:15:08.537
Modified: 2024-11-21T06:40:58.827
Link: CVE-2022-1565
Redhat
No data.