CVE-2022-1273
Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
02 May 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →