Lucene search

PRIOn knowledge basePRION:CVE-2015-10125

HistoryOct 05, 2023 - 11:15 p.m.

Cross site request forgery (csrf)

2023-10-0523:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

wp ultimate csv importer plugin

upgrade

remote attack

cross-site request forgery

version 3.7.3

patch identifier

vdb-241317

nvd

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.0%

JSON

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.

CPENameOperatorVersion
import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csvlt3.7.3

CPE	Name	Operator	Version
	import_all_pages\\,_post_types\\,_products\\,_orders\\,_and_users_as_xml_\\&_csv	lt	3.7.3

References

github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e

github.com/wp-plugins/wp-ultimate-csv-importer/releases/tag/3.7.3

vuldb.com/?ctiid.241317

vuldb.com/?id.241317