CVE-2022-1273 – Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE

https://notcve.org/view.php?id=CVE-2022-1273

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE El plugin Import WP de WordPress versiones anteriores a 2.4.6, no comprueba el archivo importado en algunos casos, permitiendo a usuarios muy privilegiados, como los administradores, cargar archivos arbitrarios (como PHP), conllevando a un ataque de RCE The Import WP – Import and Export WordPress data to XML or CSV files plugin for WordPress is vulnerable to arbitrary file upload via high level authenticated users in versions up to, and including, 2.4.5. • https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603 • CWE-434: Unrestricted Upload of File with Dangerous Type •