WP All Import <= 3.2.3 - RCE
Sign up to our free email alerts service for instant vulnerability notifications!| Description | WP All Import does not properly verify that a user has permission to execute functions. Coupled with an interesting method that allows arbitrary functions in specific objects to be called allows this to be leveraged in many ways. |
Affects
| Plugin |
wp-all-import
fixed in version 3.2.4
|
References
| PACKETSTORM | 130596 |
| URL | http://www.wpallimport.com/2015/02/wp-import-4-1-1-mandatory-security-update/ |
| URL | http://www.pritect.net/blog/wp-all-import-vulnerability |
Classification
| Type | RCE |
| OWASP Top 10 | A1: Injection |
| CWE | CWE-94 |
Miscellaneous
| Submitter | James Golovich |
| Submitter Website | http://www.pritect.net |
| Views | 197 |
| Verified | No |
| WPVDB ID | 7809 |
Timeline
| Publicly Published | 2015-02-26 (over 2 years ago) |
| Added | 2015-02-26 (over 2 years ago) |
| Last Updated | 2015-05-15 (about 2 years ago) |
Copyright & License
| Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
| License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |
