CVE-2022-2711 is a path traversal vulnerability in the Import any XML or CSV File to WordPress plugin (WP All Import) affecting versions before 3.6.9. A highly privileged user, such as an administrator, can upload a zip archive whose entry names contain traversal sequences and thereby write arbitrary files to any location the web server process can reach. This article summarizes the flaw, the original references, the remediation, and the code pattern behind the vulnerability.

Vulnerability Details

The vulnerability exists because the plugin does not validate the paths of the files contained in an uploaded zip archive before extracting them. An entry named, for example, with leading ../ segments is written outside the intended import directory, so an attacker can drop new files or overwrite existing ones anywhere the web server user has write access, including under the web root. Exploiting it requires a high-privilege account (administrator level) on the WordPress site, which limits exposure but turns a compromised or malicious administrator account into an arbitrary file write on the server.

The following simplified snippet illustrates the vulnerable pattern: each zip entry's name is used as the write destination without any validation.

// Simplified illustration of the vulnerable pattern in Import any XML or CSV File to WordPress
function process_zip_archive($zip_file_path) {
    $zip_archive = new ZipArchive();

    if ($zip_archive->open($zip_file_path) === TRUE) {
        for ($i = 0; $i < $zip_archive->numFiles; ++$i) {
            $file_info = $zip_archive->statIndex($i);
            $file_path = $file_info['name'];
            // $file_path comes straight from the archive; a name such as "../../evil.php"
            // is not rejected, so the write lands wherever the attacker chose (path traversal).
            file_put_contents($file_path, $zip_archive->getFromIndex($i));
        }
        $zip_archive->close();
    }
}

Original References

- CVE-2022-2711 - National Vulnerability Database entry: https://nvd.nist.gov/vuln/detail/CVE-2022-2711
- WPVDB ID 5c94ad36-1c61-4c46-9f33-decfa8e933b - WPScan Vulnerability Database entry
- Plugin homepage - official plugin page on WordPress.org: https://wordpress.org/plugins/wp-all-import/

Exploit Details

Exploitation requires a highly privileged account, such as an administrator. The attacker builds a zip archive that contains a legitimate-looking XML or CSV file together with additional entries whose names carry crafted paths (for example ../ segments pointing at the web root). When the archive is uploaded through the plugin's import feature, those entries are written to the locations their names point at rather than to the import directory, which can be used to plant executable files or overwrite existing ones and so escalate to full compromise of the site.
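The following added example, written for this article and not taken from the plugin or from WP All Import's code, ties the two preceding sections together: it constructs a zip archive with an entry named ../escaped.txt (constructed test data), shows the naive extraction pattern described above writing that entry one level above the import directory, and then runs a hardened extractor that validates every entry name before writing anything and rejects the whole archive. The function names, the temporary directory layout and the PHP 7.4+ requirement are assumptions of this example.

```php
<?php
// Added example, not plugin code: crafted zip + naive extraction vs. hardened extraction.
declare(strict_types=1);

/** Return a cleaned relative path for a zip entry name, or throw if it could escape the target. */
function validate_entry_name(string $name): string
{
    $n = str_replace('\\', '/', $name);                      // archives built on Windows may use backslashes
    if ($n === '' || $n[0] === '/' || preg_match('/^[A-Za-z]:/', $n)) {
        throw new RuntimeException("absolute or empty entry name: $name");
    }
    $segments = array_values(array_filter(explode('/', $n), fn ($s) => $s !== '' && $s !== '.'));
    if ($segments === [] || in_array('..', $segments, true)) {
        throw new RuntimeException("traversal in entry name: $name");
    }
    return implode('/', $segments);
}

/** Hardened extraction: validate all names first, then write, re-checking each resolved directory. */
function safe_extract_zip(string $zip_path, string $target_dir): array
{
    $real_target = realpath($target_dir);
    if ($real_target === false) {
        throw new RuntimeException("target directory does not exist: $target_dir");
    }
    $zip = new ZipArchive();
    if ($zip->open($zip_path) !== true) {
        throw new RuntimeException("cannot open archive: $zip_path");
    }
    try {
        $entries = [];
        for ($i = 0; $i < $zip->numFiles; ++$i) {
            $name = $zip->getNameIndex($i);
            if (substr($name, -1) === '/') {
                continue;                                    // directory entry; directories are created on demand
            }
            $entries[$i] = validate_entry_name($name);       // any bad name rejects the archive before writing
        }
        $written = [];
        foreach ($entries as $i => $rel) {
            $dest = "$real_target/$rel";
            $dir = dirname($dest);
            if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
                throw new RuntimeException("cannot create $dir");
            }
            // A pre-existing symlink inside the target could still redirect the write: check the resolved path.
            $real_dir = realpath($dir);
            if ($real_dir === false || strpos("$real_dir/", "$real_target/") !== 0) {
                throw new RuntimeException("resolved destination escapes target: $rel");
            }
            file_put_contents($dest, $zip->getFromIndex($i));
            $written[] = $dest;
        }
        return $written;
    } finally {
        $zip->close();
    }
}

/** Constructed malicious archive: plausible import data plus an entry that climbs out of the import dir. */
function build_crafted_zip(string $path): void
{
    $zip = new ZipArchive();
    if ($zip->open($path, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) {
        throw new RuntimeException("cannot create $path");
    }
    $zip->addFromString('import.csv', "id,title\n1,Hello\n");
    $zip->addFromString('../escaped.txt', "written one level above the import directory\n");
    $zip->close();
}

// --- demo (all paths live under a throwaway temp directory, assumed writable) ---
$work = sys_get_temp_dir() . '/cve-2022-2711-demo-' . bin2hex(random_bytes(4));
mkdir("$work/import", 0700, true);
$archive = "$work/crafted.zip";
build_crafted_zip($archive);

// Naive pattern, as in the vulnerable snippet: the entry name is the destination, unchecked.
$zip = new ZipArchive();
$zip->open($archive);
chdir("$work/import");
for ($i = 0; $i < $zip->numFiles; ++$i) {
    file_put_contents($zip->getNameIndex($i), $zip->getFromIndex($i));
}
$zip->close();
echo "naive extraction wrote outside import/: ", file_exists("$work/escaped.txt") ? "yes" : "no", "\n";

// Hardened extractor: refuses the archive and writes nothing.
try {
    safe_extract_zip($archive, "$work/import");
} catch (RuntimeException $e) {
    echo "hardened extractor rejected archive: ", $e->getMessage(), "\n";
}

// Remove the demo files.
foreach (["$work/import/import.csv", "$work/escaped.txt", $archive] as $f) { @unlink($f); }
@rmdir("$work/import"); @rmdir($work);
```

Two design points matter here. Validation runs over every entry before the first write, so a malicious archive is rejected as a whole rather than partially extracted; and the destination directory is re-checked with realpath() after normalization, because a symlink already present under the target can redirect an otherwise clean relative name. Rejecting names with ".." segments is not enough on its own for the same reason.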

Mitigation and Remediation

The developers of the Import any XML or CSV File to WordPress plugin have released version 3.6.9, which addresses this vulnerability. Site administrators should update the plugin as soon as possible to prevent exploitation. The latest version can be downloaded from the plugin's official page on the WordPress plugin repository:

https://wordpress.org/plugins/wp-all-import/

Conclusion

CVE-2022-2711 is a path traversal vulnerability in the Import any XML or CSV File to WordPress plugin, versions before 3.6.9, that lets highly privileged users write arbitrary files to the server and from there escalate to full compromise. Update the plugin to 3.6.9 or later, and, if a vulnerable version was in use, review the web root and other writable locations for unexpected files created around import activity. Limiting the number of administrator accounts and keeping plugins current remain the baseline controls for this class of issue.

Timeline

Published on: 11/07/2022 10:15:00 UTC
Last modified on: 11/09/2022 20:04:00 UTC