CVE-2022-3244
Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation
Severity Score
Exploit Likelihood
Affected Versions
1Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce
El plugin Import all XML, CSV & TXT de WordPress versiones anteriores a 6.5.8 no presenta autorización en algunos lugares, lo que podrÃa permitir a cualquier usuario autenticado acceder a algunas de las funciones del plugin si consigue conseguir el nonce relacionado
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on some of its functions in versions up to, and including, 6.5.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke them if they are able to obtain a valid nonce.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-20 CVE Reserved
- 2022-09-20 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|