The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.
                
            Metrics
Affected Vendors & Products
References
        History
                    Mon, 05 May 2025 21:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: WPScan
Published: 2022-11-07T00:00:00.000Z
Updated: 2025-05-05T20:25:41.104Z
Reserved: 2022-08-08T00:00:00.000Z
Link: CVE-2022-2711
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-08-03T00:46:03.827Z
 NVD
                        NVD
                    Status : Modified
Published: 2022-11-07T10:15:11.480
Modified: 2025-05-05T21:15:46.147
Link: CVE-2022-2711
 Redhat
                        Redhat
                    No data.