Vulnerabilities > CVE-2023-7082 - Unspecified vulnerability in Soflyy Export ANY Wordpress Data to Xml/Csv

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
soflyy

Summary

The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution.

Vulnerable Configurations

Part Description Count
Application
Soflyy
37