cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-31939,https://securityvulnerability.io/vulnerability/CVE-2024-31939,Cross-Site Request Forgery (CSRF) Vulnerability in Soflyy's Import any XML or CSV File to WordPress,"Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. ",Wordpress,Import Any Xml Or Csv File To WordPress,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-10T19:17:54.335Z,0 CVE-2023-7082,https://securityvulnerability.io/vulnerability/CVE-2023-7082,WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE,"The Import any XML or CSV File to WordPress plugin is vulnerable due to inadequate validation of file types when accepting zip files. This vulnerability allows high privilege users, such as administrators, to upload malicious executable files. Upon upload, these files are automatically extracted into a publicly accessible directory, potentially compromising the security of the WordPress site. Addressing this vulnerability is crucial to prevent unauthorized access and maintain the integrity of the platform.",Wordpress,Import any XML or CSV File to WordPress,7.2,HIGH,0.0021800000686198473,false,,false,false,true,true,false,false,2024-01-22T19:14:29.189Z,0 CVE-2022-2711,https://securityvulnerability.io/vulnerability/CVE-2022-2711,WP All Import < 3.6.9 - Admin+ Directory traversal via file upload,"The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.",Wordpress,Import Any Xml Or Csv File To WordPress,7.2,HIGH,0.0012700000079348683,false,,false,false,false,,false,false,2022-11-07T00:00:00.000Z,0 CVE-2022-3418,https://securityvulnerability.io/vulnerability/CVE-2022-3418,WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE,"The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files",Wordpress,Import Any Xml Or Csv File To WordPress,7.2,HIGH,0.001509999972768128,false,,false,false,false,,false,false,2022-11-07T00:00:00.000Z,0 CVE-2022-2146,https://securityvulnerability.io/vulnerability/CVE-2022-2146,Import CSV Files <= 1.0 - Reflected Cross-Site Scripting,"The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting",Wordpress,Import Csv Files,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-07-17T10:36:27.000Z,0 CVE-2022-2268,https://securityvulnerability.io/vulnerability/CVE-2022-2268,WP All Import < 3.6.8 - Admin+ Arbitrary File Upload,"The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE",Wordpress,Import Any Xml Or Csv File To WordPress,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-07-04T13:06:04.000Z,0 CVE-2022-36386,https://securityvulnerability.io/vulnerability/CVE-2022-36386,WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability,Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.,Wordpress,Import Any Xml Or Csv File To WordPress (WordPress Plugin),9.1,CRITICAL,0.0011399999493733048,false,,false,false,false,,false,false,2022-06-28T00:00:00.000Z,0 CVE-2022-1273,https://securityvulnerability.io/vulnerability/CVE-2022-1273,Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE,"The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE",Wordpress,Import WP – Import And Export WordPress Data To Xml Or Csv Files,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-05-02T16:05:55.000Z,0 CVE-2021-24714,https://securityvulnerability.io/vulnerability/CVE-2021-24714,WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting,"The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed.",Wordpress,Import Any Xml Or Csv File To WordPress,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-12-06T15:55:23.000Z,0