Arbitrary File Upload Vulnerability in Import WP WordPress Plugin (CVE-2021-XXXX)

Arbitrary File Upload Vulnerability in Import WP WordPress Plugin (CVE-2021-XXXX)

CVE-2022-1273 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE

Learn more about our Wordpress Pen Testing.