{"containers":{"cna":{"affected":[{"product":"Import WP – Import and Export WordPress data to XML or CSV files","vendor":"Unknown","versions":[{"lessThan":"2.4.6","status":"affected","version":"2.4.6","versionType":"custom"}]}],"credits":[{"lang":"en","value":"ericfrank900528"}],"descriptions":[{"lang":"en","value":"The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-05-02T16:05:55.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603"}],"source":{"discovery":"EXTERNAL"},"title":"Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2022-1273","STATE":"PUBLIC","TITLE":"Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Import WP – Import and Export WordPress data to XML or CSV files","version":{"version_data":[{"version_affected":"<","version_name":"2.4.6","version_value":"2.4.6"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"ericfrank900528"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE"}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-434 Unrestricted Upload of File with Dangerous Type"}]}]},"references":{"reference_data":[{"name":"https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603","refsource":"MISC","url":"https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603"}]},"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:55:24.599Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-1273","datePublished":"2022-05-02T16:05:55.000Z","dateReserved":"2022-04-08T00:00:00.000Z","dateUpdated":"2024-08-02T23:55:24.599Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}