vendor: XML and CSV Import in Article Content
by: Wadeek
CVSS: 5.5 (MEDIUM)
CWE: 22 (Directory Traversal)
Product Name: XML and CSV Import in Article Content
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:wordpress:xml_and_csv_import_in_article_content
Platforms Tested: XAMPP on Windows 7
WordPress Import CSV | Directory Traversal
The vulnerability allows an attacker to traverse directories and access sensitive files on the server. In this case, the exploit allows accessing the wp-config.php file.
Mitigation:
The plugin should validate and sanitize user input to prevent directory traversal attacks. It is recommended to update the plugin to the latest version or remove it if not in use.
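The input validation recommended above can be done by canonicalizing the requested path and confirming it stays inside the import directory. The following is an added example, not the plugin's code: the function name `resolve_import_path()`, the `imports` directory and the sample inputs are assumptions, since the page does not show the plugin's parameter or file layout.

```php
<?php
// Added illustration; resolve_import_path() and the directory layout are hypothetical.
function resolve_import_path(string $baseDir, string $userPath): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false for missing paths.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare canonical paths. The trailing separator stops "imports_old" matching "imports".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Only the file types an import feature needs.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ['csv', 'xml'], true) ? $real : null;
}

// Constructed demo tree: imports/data.csv beside a stand-in wp-config.php.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'import_demo_' . getmypid();
mkdir($root . '/imports', 0700, true);
file_put_contents($root . '/imports/data.csv', "a,b\n1,2\n");
file_put_contents($root . '/wp-config.php', "<?php // constructed stand-in\n");

// Constructed inputs; the backslash form matters on Windows hosts such as the XAMPP setup tested.
foreach (['data.csv', '../wp-config.php', '..\\wp-config.php', 'missing.csv'] as $candidate) {
    $result = resolve_import_path($root . '/imports', $candidate);
    printf("%-20s => %s\n", $candidate, $result === null ? 'rejected' : 'allowed');
}
```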