Access violation vulnerability in Import WP – Export and Import CSV and XML files to WordPress 2.14.16

The “Import WP – Export and Import CSV and XML files to WordPress” plugin has a security flaw in all versions up to and including 2.14.16. Anyone with administrator-level access can read important files on the server, such as configuration files and system files, because the plugin’s REST API accepts absolute file paths without proper validation.
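One way to enforce the kind of path validation described above, as an added example (not Import WP's code or its actual fix): a hypothetical helper, `resolve_inside_base()`, that accepts only relative paths and confirms the resolved file stays inside an allowed directory. The temporary directory and sample paths are constructed for the demonstration.

```php
<?php
// Added example: hypothetical helper, not taken from the plugin.

/**
 * Resolve a user-supplied path and return it only if it stays inside $baseDir.
 * Returns null for absolute paths, stream wrappers, traversal and missing files.
 */
function resolve_inside_base(string $baseDir, string $userPath): ?string
{
    // Reject empty input, NUL bytes and stream wrappers such as php:// or phar://.
    if ($userPath === '' || strpos($userPath, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]*://#i', $userPath)) {
        return null;
    }
    // Reject absolute paths: POSIX "/dir/file", Windows "C:\..." and UNC "\\host\...".
    if (preg_match('#^(?:[/\\\\]|[a-z]:)#i', $userPath)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; it returns false if the file is absent.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare with a trailing separator so "/uploads-other" never matches "/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: a temporary directory stands in for the allowed import folder.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'import_demo_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'data.csv', "id,name\n1,a\n");

// Constructed sample inputs: one legitimate relative path and three that must be refused.
$samples = ['data.csv', '/constructed/absolute/file.conf', '../outside.conf', 'php://stdin'];
foreach ($samples as $candidate) {
    $result = resolve_inside_base($base, $candidate);
    printf("%-34s => %s\n", $candidate, $result === null ? 'rejected' : 'allowed');
}

// Clean up the constructed directory.
unlink($base . DIRECTORY_SEPARATOR . 'data.csv');
rmdir($base);
```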

Detected in:

Import WP – Export and Import CSV and XML files to WordPress (fixed). Vulnerable versions: >= * <= 2.14.16

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

The version comparison shows which versions are vulnerable. For example, >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
