Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation
CVE-2022-3244

4.2MEDIUM

Key Information:

Vendor

Wordpress
Status
Import All Xml, Csv & Txt Into WordPress
Vendor
CVE Published:
17 October 2022

What is CVE-2022-3244?

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Import all XML, CSV & TXT into WordPress 6.5.8

References

https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-...

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sanjay Das
JSON
.