CVE-2022-2268: Malicious File Upload
First published: Mon Jul 04 2022(Updated: )
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Soflyy Wp All Import | <3.6.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-2268?
CVE-2022-2268 is a vulnerability found in the Import any XML or CSV File to WordPress plugin before version 3.6.8.
What is the severity of CVE-2022-2268?
CVE-2022-2268 has a severity rating of 7.2, which is considered high.
How does CVE-2022-2268 affect the Import any XML or CSV File to WordPress plugin?
CVE-2022-2268 allows high privilege users, such as admin, to upload an arbitrary file, leading to remote code execution (RCE).
Which version of the Import any XML or CSV File to WordPress plugin is affected by CVE-2022-2268?
Versions up to and excluding 3.6.8 of the Import any XML or CSV File to WordPress plugin are affected by CVE-2022-2268.
Is there a reference for CVE-2022-2268?
Yes, you can find more information about CVE-2022-2268 at this reference: https://wpscan.com/vulnerability/578093db-a025-4148-8c4b-ec2df31743f7
- collector/nvd-index
- vendor/soflyy
- canonical/soflyy wp all import