CVE-2022-1565

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/2749264/wp-all-import/trunk?contextall=1&old=2737093&old_path=%2Fwp-all-import%2Ftrunk	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=cve	Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1565	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpallimport:wp_all_import:*:*:*:*:*:wordpress:*:*

History

24 Oct 2023, 20:37

Type	Values Removed	Values Added
CWE		CWE-434
References	~~(MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=cve -~~	(MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=cve - Third Party Advisory

20 Oct 2023, 16:15

Type	Values Removed	Values Added
CWE	~~CWE-434~~
References	{'url': 'http://packetstormsecurity.com/files/171578/WordPress-WP-All-Import-3.6.7-Remote-Code-Execution.html', 'name': 'http://packetstormsecurity.com/files/171578/WordPress-WP-All-Import-3.6.7-Remote-Code-Execution.html', 'tags': [], 'refsource': 'MISC'}	(MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=cve -

Information

Published : 2022-07-18 17:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-1565

Mitre link : CVE-2022-1565

CVE.ORG link : CVE-2022-1565

JSON object : View

Products Affected

wpallimport

wp_all_import

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2022-1565", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-07-18T17:15:08.537", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/2749264/wp-all-import/trunk?contextall=1&old=2737093&old_path=%2Fwp-all-import%2Ftrunk", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1565", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible."}, {"lang": "es", "value": "El plugin WP All Import es vulnerable a ua carga de archivos arbitrarios debido a una falta de comprobaci\u00f3n del tipo de archivo por medio del archivo wp_all_import_get_gz.php en versiones hasta 3.6.7 incluy\u00e9ndola. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, suban archivos arbitrarios en el servidor de los sitios afectados, lo que puede hacer posible una ejecuci\u00f3n de c\u00f3digo remota"}], "lastModified": "2023-11-07T03:42:00.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpallimport:wp_all_import:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BF8F1680-CC1F-4DBA-B3BD-79EA067F7F3B", "versionEndExcluding": "3.6.8"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}