Directory Traversal Vulnerability in Import Users from CSV with Meta Plugin for WordPress
CVE-2019-15326

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Import Users From Csv With Meta
Vendor: CVE Published:; 22 August 2019

Summary

A directory traversal vulnerability exists in the Import Users from CSV with Meta plugin for WordPress, affecting versions before 1.14.2.1. This flaw allows attackers to potentially gain unauthorized access to sensitive files on the server by manipulating file paths. Proper input validation and strict file access controls are essential to prevent exploitation of this vulnerability.

References

https://wordpress.org/plugins/import-users-from-csv-with-...

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/9392

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2019
Vulnerability Reserved
Aug 22, 2019