CVE-2023-7082 | WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE
Exp
The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution.
Conclusion & alert: CVE-2023-7082 is rated High Exploit Risk (64.2/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.23%).Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB).Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Public exploit references (Exploit-DB) for CVE-2023-7082
Exploit prediction scoring system (EPSS) score for CVE-2023-7082
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).