Vulnerability Details CVE-2023-7082
The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.1%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2023-7082
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:-
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:0.9.1
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.0
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.1
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.2
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.3
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.4
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.5
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.6
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.7
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.8
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.0.9
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.1.0
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.1.1
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.1.2
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.1.3
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.1.4
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.1.5
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.0
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.1
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.10
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.2
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.3
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.4
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.5
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.6
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.7
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.8
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.2.9
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.3.0
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.3.1
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.3.2
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.3.3
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.3.4
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.3.5
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.3.6
-
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml/csv:1.3.7