WordPress Plugin Vulnerabilities

Rara One Click Demo Import < 1.3.0 - Arbitrary File Upload via CSRF

Description

The plugin does not have CSRF check when uploading files, which could allow attackers to make a logged in admin upload arbitrary files via a CSRF attack

Affects Plugins

Plugin icon
rara-one-click-demo-import
Fixed in 1.3.0

References

CVE
CVE-2022-29451

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
BEE-K
Verified
Yes
WPVDB ID
9a9a075e-7ba7-4128-b055-c2332fe78e33

Timeline

Publicly Published
2022-04-21 (about 4 years ago)
Added
2022-04-30 (about 4 years ago)
Last Updated
2022-05-01 (about 4 years ago)

Other

Published
Title
Published
2025-12-08
Title
Flashy Marketing Automation < 2.0.9 - Cross-Site Request Forgery
Published
2014-08-01
Title
Conditional CAPTCHA 3.6 - wp-conditional-captcha.php Settings Page CSRF
Published
2024-04-25
Title
Payment Gateway Based Fees and Discounts for WooCommerce < 2.12.2 - Cross-Site Request Forgery to Notice Dismissal
Published
2014-09-19
Title
WordPress File Upload < 2.4.2 - Cross-Site Request Forgery (CSRF)
Published
2025-02-03
Title
WP Keyword Monitor <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting