CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation

🗓️ 04 Aug 2023 02:04:24Reported by WordfenceType

The WP Ultimate CSV Importer plugin for WordPress vulnerable to privilege escalation

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2023-4140	4 Aug 202307:45	–	circl
CNNVD	WordPress plugin WP Ultimate CSV Importer Security Vulnerability	4 Aug 202300:00	–	cnnvd
CVE	CVE-2023-4140	4 Aug 202302:04	–	cve
EUVD	EUVD-2023-54021	3 Oct 202520:07	–	euvd
NVD	CVE-2023-4140	4 Aug 202303:15	–	nvd
Patchstack	WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Privilege Escalation	3 Aug 202300:00	–	patchstack
Prion	Design/Logic Flaw	4 Aug 202303:15	–	prion
Positive Technologies	PT-2023-27940 · WordPress · Wp Ultimate Csv Importer	4 Aug 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-4140	23 May 202505:53	–	redhatcve
Vulnrichment	CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation	4 Aug 202302:04	–	vulnrichment

[
  {
    "vendor": "smackcoders",
    "product": "WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "7.9.8",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054
plugins	www.plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php

08 Apr 2026 16:56Current

8.8High risk

Vulners AI Score8.8

CVSS 3.16.6

EPSS0.0012

CWE-269