Import any XML or CSV File to WordPress <= 3.2.3 - RCE
Description | WP All Import does not properly verify that a user has permission to execute functions. Combined with an interesting method that allows arbitrary functions in specific objects to be called, this can be leveraged in many ways. |
Affects Plugin
fixed in version 3.2.4 |
References
PACKETSTORM | 130596 |
URL | http://www.wpallimport.com/2015/02/wp-import-4-1-1-mandatory-security-update/ |
URL | http://www.pritect.net/blog/wp-all-import-vulnerability |
Classification
Type | RCE |
OWASP Top 10 | A1: Injection |
CWE | CWE-94 |
Miscellaneous
Submitter | James Golovich |
Submitter Website | http://www.pritect.net |
Verified | No |
WPVDB ID | 7809 |
Timeline
Publicly Published | 2015-02-26 |
Added | 2015-02-26 |
Last Updated | 2017-10-17 |