Security Advisory

CVE-2023-7082

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-22 19:14:29

Last updated 2025-06-20 18:38:15

Assigner WPScan

State PUBLISHED

Description

The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution.

← Browse all CVEs View on cve.org ↗