CVE-2024-13562

Published Jan 25, 2025

Last updated 23 days ago

CVSS high 7.5

Overview

Description: The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

security@wordfence.com: CWE-200
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

CVE-2024-13562 The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and inclu… https://t.co/Js6KRkvDqT
@CVEnew
25 Jan 2025
513 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:importwp:import_wp:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "539D6D15-6D2D-483A-BDC3-35EC74FF0FFA",
            "versionEndExcluding": "2.14.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References