CVE-2022-1273: Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE
First published: Mon May 02 2022(Updated: )
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ImportWP | <2.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-1273?
CVE-2022-1273 is considered a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2022-1273?
To mitigate CVE-2022-1273, upgrade the Import WP WordPress plugin to version 2.4.6 or later.
Who is affected by CVE-2022-1273?
CVE-2022-1273 affects all users of the Import WP WordPress plugin prior to version 2.4.6.
What impact does CVE-2022-1273 have on my WordPress site?
CVE-2022-1273 allows high privilege users to upload arbitrary files, which could lead to remote code execution and potential site compromise.
Is there a workaround for CVE-2022-1273?
The best workaround for CVE-2022-1273 is to disable the plugin until it can be updated to the latest version.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/title
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/importwp
- canonical/importwp