CVE-2022-2711

CVE-2022-2711: WP All Import < 3.6.9 - Admin+ Directory traversal via file upload

Vendor: Unknown
Product: Import any XML or CSV File to WordPress
Weakness: CWE-22 · Path traversal
Published: November 7, 2022
Last update: May 5, 2025

What the vulnerability does

01 Description

The Import any XML or CSV File to WordPress plugin before 3.6.9 does not validate the paths of files contained in uploaded zip archives. This allows highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.
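The missing check described above, written as an added example: this is not the plugin's code or the vendor's fix, and it is in Python rather than the plugin's PHP. The function names and the two sample archives are constructed for illustration. Every member path is resolved against the extraction directory, and the whole archive is rejected if any member lands outside it.

```python
import io
import os
import zipfile

def traversal_entries(zip_bytes, dest_dir):
    """Return member names that would resolve outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators too, so "..\\x" is caught on any OS.
            name = info.filename.replace("\\", "/")
            target = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, target]) != root:
                bad.append(info.filename)
    return bad

def safe_extract(zip_bytes, dest_dir):
    """Write members under dest_dir; reject the whole archive on any traversal."""
    bad = traversal_entries(zip_bytes, dest_dir)
    if bad:
        raise ValueError("archive rejected, entries escape target: %r" % bad)
    root = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(root, info.filename.replace("\\", "/"))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.relpath(target, root))
    return written

def build_zip(members):
    """Constructed sample input: build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: one ordinary import archive, one with a "../" member.
BENIGN = build_zip({"import/products.csv": b"id,name\n1,widget\n"})
HOSTILE = build_zip({"import/products.csv": b"id\n",
                     "../../outside.txt": b"constructed"})
```

The check runs over every member before anything is written, so a hostile archive leaves no partially extracted files behind.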

Key dates

02 Disclosure timeline

November 7, 2022: CVE published
May 5, 2025: Record updated