CVE-2022-3244

State: PUBLISHED · Published: 2022-10-17 · Updated: 2025-05-13 · Assigner: WPScan

Description

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce

CWE

CWE-862 — CWE-862 Missing Authorization

Affected

Unknown / Import all XML, CSV & TXT into WordPress — v=6.5.8 <6.5.8 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/de4bc449-3dd4-4776-943f-ac59ae813132

Source

cvelistV5-main/cves/2022/3xxx/CVE-2022-3244.json