CVE-2020-36849 – WordPress AIT CSV Import/Export Plugin Arbitrary File Upload Vulnerability

July 12, 2025

CVE ID : CVE-2020-36849

Published : July 12, 2025, 12:15 p.m. | 5 hours, 44 minutes ago

Description : The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2021-4458 – WordPress Modern Events Calendar Lite SQL Injection

Next Article CVE-2025-7470 – Campcodes Sales and Inventory System Remote File Upload Vulnerability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Amazon launches spec-driven AI IDE, Kiro

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

ChatGPT falls for another Windows license key scam — generating valid codes in a guessing game after a researcher “gives up”

Germany wants Google and Apple to ban China’s “illegal” DeepSeek AI — after it failed to comply with data protection laws

Microsoft’s extra year of free Windows 10 security updates feels like a last-minute snooze button — while groups like “The Restart Project” still want to help users

The Xbox Ally and Xbox Ally X prices may have leaked — and if true, it’s not as bad as I thought

The details of TC39’s last meeting

The details of TC39’s last meeting

Modern async iteration in JavaScript with Array.fromAsync()

Vite vs Webpack: A Guide to Choosing the Right Bundler

LocalStack is a cloud service emulator

LocalStack is a cloud service emulator

Sysdig – dig deeper

minnow – simple and fairly weak chess engine

CVE-2020-36849 – WordPress AIT CSV Import/Export Plugin Arbitrary File Upload Vulnerability

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

Surfshark is our pick for best value VPN, and you can save up to 87% on plans right now

Perficient is Shaping the Future of Salesforce Innovation

OneDrive and SharePoint users can now connect their files to ChatGPT’s Deep Research

CVE-2024-13381 – WordPress Calculated Fields Form Stored Cross-Site Scripting Vulnerability

CVE-2025-50149 – Apache HTTP Server Information Disclosure

Gemini 2.0 is now available to everyone

CVE-2025-4820 – Cloudflare Quiche TCP Congestion Window Manipulation Vulnerability

CVE-2025-6644 – PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability

CVE-2020-36849 – WordPress AIT CSV Import/Export Plugin Arbitrary File Upload Vulnerability

Related Posts