The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/7f947305-7a72-4c59-9ae8-193f437fd04e/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-22T19:14:29.189Z
Updated: 2024-01-22T19:14:29.189Z
Reserved: 2023-12-22T16:03:38.577Z
Link: CVE-2023-7082
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-22T20:15:47.743
Modified: 2024-01-26T19:48:56.570
Link: CVE-2023-7082
JSON object: View
Redhat Information
No data.
CWE