CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2268

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.8%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

Products affected by CVE-2022-2268

Soflyy » Wp All Import » Version: 2.12

cpe:2.3:a:soflyy:wp_all_import:2.12
Soflyy » Wp All Import » Version: 2.13

cpe:2.3:a:soflyy:wp_all_import:2.13
Soflyy » Wp All Import » Version: 2.14

cpe:2.3:a:soflyy:wp_all_import:2.14
Soflyy » Wp All Import » Version: 3.0

cpe:2.3:a:soflyy:wp_all_import:3.0
Soflyy » Wp All Import » Version: 3.0.2

cpe:2.3:a:soflyy:wp_all_import:3.0.2
Soflyy » Wp All Import » Version: 3.0.4

cpe:2.3:a:soflyy:wp_all_import:3.0.4
Soflyy » Wp All Import » Version: 3.1.0

cpe:2.3:a:soflyy:wp_all_import:3.1.0
Soflyy » Wp All Import » Version: 3.1.1

cpe:2.3:a:soflyy:wp_all_import:3.1.1
Soflyy » Wp All Import » Version: 3.1.2

cpe:2.3:a:soflyy:wp_all_import:3.1.2
Soflyy » Wp All Import » Version: 3.1.3

cpe:2.3:a:soflyy:wp_all_import:3.1.3
Soflyy » Wp All Import » Version: 3.1.4

cpe:2.3:a:soflyy:wp_all_import:3.1.4
Soflyy » Wp All Import » Version: 3.1.5

cpe:2.3:a:soflyy:wp_all_import:3.1.5
Soflyy » Wp All Import » Version: 3.2.0

cpe:2.3:a:soflyy:wp_all_import:3.2.0
Soflyy » Wp All Import » Version: 3.2.1

cpe:2.3:a:soflyy:wp_all_import:3.2.1
Soflyy » Wp All Import » Version: 3.2.2

cpe:2.3:a:soflyy:wp_all_import:3.2.2
Soflyy » Wp All Import » Version: 3.2.3

cpe:2.3:a:soflyy:wp_all_import:3.2.3
Soflyy » Wp All Import » Version: 3.2.4

cpe:2.3:a:soflyy:wp_all_import:3.2.4
Soflyy » Wp All Import » Version: 3.2.5

cpe:2.3:a:soflyy:wp_all_import:3.2.5
Soflyy » Wp All Import » Version: 3.2.6

cpe:2.3:a:soflyy:wp_all_import:3.2.6
Soflyy » Wp All Import » Version: 3.2.7

cpe:2.3:a:soflyy:wp_all_import:3.2.7
Soflyy » Wp All Import » Version: 3.2.8

cpe:2.3:a:soflyy:wp_all_import:3.2.8
Soflyy » Wp All Import » Version: 3.2.9

cpe:2.3:a:soflyy:wp_all_import:3.2.9
Soflyy » Wp All Import » Version: 3.3.0

cpe:2.3:a:soflyy:wp_all_import:3.3.0
Soflyy » Wp All Import » Version: 3.3.1

cpe:2.3:a:soflyy:wp_all_import:3.3.1
Soflyy » Wp All Import » Version: 3.3.2

cpe:2.3:a:soflyy:wp_all_import:3.3.2
Soflyy » Wp All Import » Version: 3.3.3

cpe:2.3:a:soflyy:wp_all_import:3.3.3
Soflyy » Wp All Import » Version: 3.3.4

cpe:2.3:a:soflyy:wp_all_import:3.3.4
Soflyy » Wp All Import » Version: 3.3.5

cpe:2.3:a:soflyy:wp_all_import:3.3.5
Soflyy » Wp All Import » Version: 3.3.6

cpe:2.3:a:soflyy:wp_all_import:3.3.6
Soflyy » Wp All Import » Version: 3.3.7

cpe:2.3:a:soflyy:wp_all_import:3.3.7
Soflyy » Wp All Import » Version: 3.3.8

cpe:2.3:a:soflyy:wp_all_import:3.3.8
Soflyy » Wp All Import » Version: 3.3.9

cpe:2.3:a:soflyy:wp_all_import:3.3.9
Soflyy » Wp All Import » Version: 3.4.0

cpe:2.3:a:soflyy:wp_all_import:3.4.0
Soflyy » Wp All Import » Version: 3.4.1

cpe:2.3:a:soflyy:wp_all_import:3.4.1
Soflyy » Wp All Import » Version: 3.4.2

cpe:2.3:a:soflyy:wp_all_import:3.4.2
Soflyy » Wp All Import » Version: 3.4.3

cpe:2.3:a:soflyy:wp_all_import:3.4.3
Soflyy » Wp All Import » Version: 3.4.4

cpe:2.3:a:soflyy:wp_all_import:3.4.4
Soflyy » Wp All Import » Version: 3.4.5

cpe:2.3:a:soflyy:wp_all_import:3.4.5
Soflyy » Wp All Import » Version: 3.4.6

cpe:2.3:a:soflyy:wp_all_import:3.4.6
Soflyy » Wp All Import » Version: 3.4.7

cpe:2.3:a:soflyy:wp_all_import:3.4.7
Soflyy » Wp All Import » Version: 3.4.8

cpe:2.3:a:soflyy:wp_all_import:3.4.8
Soflyy » Wp All Import » Version: 3.4.9

cpe:2.3:a:soflyy:wp_all_import:3.4.9
Soflyy » Wp All Import » Version: 3.5.0

cpe:2.3:a:soflyy:wp_all_import:3.5.0
Soflyy » Wp All Import » Version: 3.5.1

cpe:2.3:a:soflyy:wp_all_import:3.5.1
Soflyy » Wp All Import » Version: 3.5.2

cpe:2.3:a:soflyy:wp_all_import:3.5.2
Soflyy » Wp All Import » Version: 3.5.3

cpe:2.3:a:soflyy:wp_all_import:3.5.3
Soflyy » Wp All Import » Version: 3.5.4

cpe:2.3:a:soflyy:wp_all_import:3.5.4
Soflyy » Wp All Import » Version: 3.5.5

cpe:2.3:a:soflyy:wp_all_import:3.5.5
Soflyy » Wp All Import » Version: 3.5.6

cpe:2.3:a:soflyy:wp_all_import:3.5.6
Soflyy » Wp All Import » Version: 3.5.7

cpe:2.3:a:soflyy:wp_all_import:3.5.7
Soflyy » Wp All Import » Version: 3.5.8

cpe:2.3:a:soflyy:wp_all_import:3.5.8
Soflyy » Wp All Import » Version: 3.5.9

cpe:2.3:a:soflyy:wp_all_import:3.5.9
Soflyy » Wp All Import » Version: 3.6.0

cpe:2.3:a:soflyy:wp_all_import:3.6.0
Soflyy » Wp All Import » Version: 3.6.1

cpe:2.3:a:soflyy:wp_all_import:3.6.1
Soflyy » Wp All Import » Version: 3.6.2

cpe:2.3:a:soflyy:wp_all_import:3.6.2
Soflyy » Wp All Import » Version: 3.6.3

cpe:2.3:a:soflyy:wp_all_import:3.6.3
Soflyy » Wp All Import » Version: 3.6.4

cpe:2.3:a:soflyy:wp_all_import:3.6.4
Soflyy » Wp All Import » Version: 3.6.5

cpe:2.3:a:soflyy:wp_all_import:3.6.5
Soflyy » Wp All Import » Version: 3.6.6

cpe:2.3:a:soflyy:wp_all_import:3.6.6
Soflyy » Wp All Import » Version: 3.6.7

cpe:2.3:a:soflyy:wp_all_import:3.6.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2268

Products

Pricing

Contact Us