MidnightBSD

Advisories for ocdi

CVE-2022-1008 MEDIUM

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434

Products Affected

Vendor Product Version
ocdi one_click_demo_import *

CVE-2024-34433

Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import. This issue affects One Click Demo Import: from n/a through 3.2.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N 1.3 2.7

Products Affected

Vendor Product Version
ocdi one_click_demo_import *