CVE-2022-1565
published 2022-07-18

CVE-2022-1565: The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to…

Priority: P355high (7.2, CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 11.34% (95.4th percentile)
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Affected (1 range)

Vendor         Product         Version range   Fixed in
wpallimport    wp_all_import   < 3.6.8         3.6.8

Detection & IOCs (extracted from sources)

filename: wp_all_import_get_gz.php
url:      wp-admin/admin.php?page=pmxi-admin-settings&action=upload&_wpnonce=<wpnonce>
command:  POST wp-admin/admin.php?page=pmxi-admin-settings&action=upload&_wpnonce=<nonce> with multipart async-upload=<zip_payload>
  • The exploit requires administrator-level authentication. Detections based solely on the upload action may generate false positives from legitimate admin imports; correlate with the prior secure-mode-disable POST to reduce noise.
  • If the target site already has Secure Mode disabled, the exploit skips the settings-modification step entirely, meaning detections relying on the secure=0 POST will not fire.
  • The exploit re-enables Secure Mode after the upload to cover tracks; forensic analysis should check audit logs for the disable/re-enable cycle around the time of suspicious uploads.

CVSS provenance

nvd:            v3.1  7.2  HIGH    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_redhat:  5.5   MEDIUM