Vulnerability Details CVE-2022-1574
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server
Exploit prediction scoring system (EPSS) score
EPSS Score 0.756
EPSS Ranking 98.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2022-1574
-
cpe:2.3:a:html2wp_project:html2wp:*