CVE-2022-1574

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server
References
Configurations

Configuration 1

cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-06-27 09:15

Updated : 2022-07-07 03:47


NVD link : CVE-2022-1574

Mitre link : CVE-2022-1574

Products Affected
No products.
CWE