CVE-2020-36849
published 2025-07-12CVE-2020-36849: The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the…
PriorityP275critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
4.66%
90.6th percentile
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ait-themes | csv_import_export | <= 3.0.3 | — |
| ait_themes | ait_csv_import_export | <= 3.0.3 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The upload-handler endpoint does not require authentication; monitor for unauthenticated POST requests to /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php from any source. ↗
- →Alert on PHP files appearing in wp-content/uploads/ — this is the drop location for the webshell after a successful exploit. ↗
- →The plugin does not need to be activated for exploitation; presence of the plugin directory alone is sufficient attack surface. ↗
- →Even if the server returns a CSV parse error in the response, the uploaded PHP shell is retained on disk — do not rely on HTTP error responses as evidence of failed exploitation. ↗
- ·Affects AIT CSV Import/Export plugin versions up to and including 3.0.3; versions beyond 3.0.3 are not confirmed vulnerable. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/wp_ait_csv_rce.rbhttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_ait_csv_rce.rbhttps://wpscan.com/vulnerability/36e699a4-91f2-426d-ba14-26036fbfeaeahttps://www.acunetix.com/vulnerabilities/web/wordpress-plugin-ait-themes-csv-import-export-arbitrary-file-upload-3-0-3/https://www.ait-themes.club/wordpress-plugins/csv-import-export/https://www.wordfence.com/threat-intel/vulnerabilities/id/cece751c-400d-42b4-9438-950d5aca51fc?source=cvehttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_ait_csv_rce.rb
2025-07-12
Published