The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-22T19:14:29.189Z
Updated: 2024-08-02T08:50:07.933Z
Reserved: 2023-12-22T16:03:38.577Z
Link: CVE-2023-7082
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-22T20:15:47.743
Modified: 2024-11-21T08:45:12.920
Link: CVE-2023-7082
Redhat
No data.