PT-2022-23345 · WordPress · Soflyy Import Any Xml/Csv File To Wordpress
Universe
·
Published
2022-09-21
·
Updated
2022-09-23
·
CVE-2022-36386
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Soflyy Import any XML or CSV File to WordPress plugin versions <= 3.6.7
Description
The issue is related to an Authenticated Arbitrary Code Execution vulnerability. This allows for the execution of arbitrary code by an authenticated user.
Recommendations
For Soflyy Import any XML or CSV File to WordPress plugin versions <= 3.6.7, update to a version greater than 3.6.7 to resolve the issue.
Fix
Unrestricted File Upload
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Soflyy Import Any Xml/Csv File To Wordpress