CVE-2023-7082

7.2 HIGH

📋 TL;DR

The Import any XML or CSV File to WordPress plugin before version 3.7.3 has a vulnerability that allows administrators to upload ZIP files containing executable code, which gets automatically extracted to a publicly accessible directory. This can lead to remote code execution on the WordPress site. Only WordPress sites using vulnerable versions of this specific plugin are affected.

💻 Affected Systems

Products:
  • Import any XML or CSV File to WordPress
Versions: All versions before 3.7.3
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator-level access to exploit. The vulnerability exists in the plugin's file upload and extraction functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with administrator credentials could upload malicious PHP files, gain full control of the WordPress server, and potentially compromise the entire hosting environment.

🟠 Likely Case

Compromised administrator accounts could upload web shells, leading to data theft, defacement, or further network penetration.

🟢 If Mitigated

With proper access controls and monitoring, exploitation would be detected and contained before significant damage occurs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials. The vulnerability is straightforward to exploit once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.7.3

Vendor Advisory: https://wpscan.com/vulnerability/7f947305-7a72-4c59-9ae8-193f437fd04e/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Import any XML or CSV File to WordPress'.
4. Click 'Update Now' if available, or manually update to version 3.7.3 or later.

🔧 Temporary Workarounds

Disable the vulnerable plugin (platform: all)

Temporarily deactivate the plugin until it can be updated to a secure version.

wp plugin deactivate import-any-xml-or-csv-file-to-wordpress

Restrict file uploads (platform: linux)

Use .htaccess or the web server configuration to stop the server from executing PHP files under the uploads directory. Place the snippet below in /wp-content/uploads/.htaccess; it does not prevent the plugin from extracting an archive, but it stops a dropped PHP file from being served or run. The directives are the Apache 2.2 form; Apache 2.4 honours them only when mod_access_compat is loaded, and its native equivalent is Require all denied.

<FilesMatch "\.(php|php5|php7|phtml|phar)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Remove administrator access from untrusted users and implement strong password policies
  • Implement file integrity monitoring on the WordPress uploads directory

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in WordPress admin under Plugins > Installed Plugins. If the version is below 3.7.3, the site is vulnerable.

Check Version:

wp plugin get import-any-xml-or-csv-file-to-wordpress --field=version

Verify Fix Applied:

Confirm the plugin version is 3.7.3 or higher in the WordPress admin panel.
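The version check above is easy to get wrong by hand (3.10.0 is newer than 3.7.3, but sorts before it as a string). The following script is an added example, not part of the advisory or of the plugin, that compares a version string against the fixed release component by component and can be fed the output of the wp-cli command shown above. The plugin slug is the one used in this advisory; the version strings passed in are illustrative.

```shell
#!/bin/sh
# Added example (not part of the advisory): compare an installed plugin version
# against the fixed release. Components are compared numerically, so 3.10.0 is
# newer than 3.7.3 (a plain string or lexical comparison would get that wrong)
# and a short version such as 3.7 is treated as 3.7.0.

FIXED_VERSION="3.7.3"

# version_lt A B: succeed (exit 0) when A is strictly lower than B.
version_lt() {
    a="$1."
    b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; a="${a#*.}"
        bi="${b%%.*}"; b="${b#*.}"
        # drop any non-numeric suffix (e.g. "3-beta" -> "3"); empty -> 0
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"
        ai="${ai:-0}";       bi="${bi:-0}"
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
    done
    return 1   # all components equal
}

# plugin_status VERSION: prints "vulnerable" if VERSION < 3.7.3, else "patched".
plugin_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# On a live site, feed in the value reported by wp-cli (slug as used in this advisory):
#   plugin_status "$(wp plugin get import-any-xml-or-csv-file-to-wordpress --field=version)"
```

Because the comparison is numeric per component, the same function works for any later fixed release by changing FIXED_VERSION.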

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/uploads/ directory
  • Administrator account login from unexpected locations
  • Execution of PHP files in uploads directory

Network Indicators:

  • HTTP POST requests to plugin upload endpoints with ZIP files
  • Requests to suspicious PHP files in uploads directory

SIEM Query:

source="web_server" AND ((uri="/wp-admin/admin-ajax.php" AND post_data CONTAINS "action=import_any_xml_csv_file") OR uri MATCHES "/wp-content/uploads/.*\.php$")

The first branch depends on request bodies being captured (post_data); standard web server access logs record only the URI, so on those sources only the second branch fires.
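The network indicators and the SIEM query above can also be applied directly to raw access logs when no SIEM is available. The script below is an added example, not part of the advisory: it runs the two indicators over access-log lines in the Apache/Nginx combined format. The log lines are constructed for illustration, and the addresses, paths and timestamps in them are placeholders rather than observed data.

```shell
#!/bin/sh
# Added example (not part of the advisory): apply the two network indicators
# above to web-server access logs. Assumes the Apache/Nginx "combined" log
# format. The log lines below are constructed for illustration; the addresses
# and paths are placeholders, not observed data.

SAMPLE_LOG='203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2024:10:00:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:01:30 +0000] "GET /wp-content/uploads/2024/01/photo.jpg HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2024:10:02:15 +0000] "GET /wp-content/uploads/2024/01/cache.php HTTP/1.1" 200 64 "-" "curl/8.0"
203.0.113.5 - - [10/Jan/2024:10:02:16 +0000] "GET /wp-content/uploads/2024/01/cache.php?a=1 HTTP/1.1" 200 64 "-" "curl/8.0"'

# Lines whose request path is a .php file under /wp-content/uploads/.
# The query string is stripped first so "cache.php?a=1" is still caught.
# Every response code is reported: a 200 means the server served (and, with a
# PHP handler, executed) the file, while a 403 shows the .htaccess block working.
uploads_php_hits() {
    awk '{
        path = $7
        sub(/\?.*$/, "", path)
        if (path ~ /^\/wp-content\/uploads\/.*\.php$/) print
    }'
}

# POST requests to admin-ajax.php. The "action" parameter is in the request
# body, which access logs do not record, so this only narrows the candidate
# set; correlate it with the plugin's own activity or the application log.
admin_ajax_posts() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-admin\/admin-ajax\.php/ { print }'
}

# Counters over the constructed sample, handy for a quick sanity check.
count_uploads_php_hits() { printf '%s\n' "$SAMPLE_LOG" | uploads_php_hits | wc -l | tr -d ' '; }
count_admin_ajax_posts() { printf '%s\n' "$SAMPLE_LOG" | admin_ajax_posts | wc -l | tr -d ' '; }

# Against a real log on the server:
#   uploads_php_hits < /var/log/apache2/access.log
```

Both filters match on the request path only; pair the first with file integrity monitoring of the uploads tree, since a PHP file that is written but never requested leaves no trace in the access log.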
