First published: Wed Sep 21 2022(Updated: )
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Soflyy Wp All Import | <=3.6.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-36386 refers to an Authenticated Arbitrary Code Execution vulnerability in the Soflyy Import any XML or CSV File to WordPress plugin version 3.6.7 and earlier.
CVE-2022-36386 has a severity level of critical with a CVSS score of 7.2.
CVE-2022-36386 allows authenticated attackers to execute arbitrary code on WordPress sites using Soflyy Import any XML or CSV File plugin version 3.6.7 and earlier.
To fix CVE-2022-36386, update Soflyy Import any XML or CSV File to WordPress plugin to the latest version available.
You can find more information about CVE-2022-36386 at the following references: [Reference 1](https://patchstack.com/database/vulnerability/wp-all-import/wordpress-import-any-xml-or-csv-file-to-wordpress-plugin-3-6-7-authenticated-arbitrary-code-execution-vulnerability) and [Reference 2](https://wordpress.org/plugins/wp-all-import/#developers).