5078 matches found
CVE-2023-4140
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...
CVE-2023-4141
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
CVE-2023-4142
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
Information disclosure
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported file...
Design/Logic Flaw
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...
Remote code execution
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
Remote code execution
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
CVE-2023-4142
CVE-2023-4142 affects WP Ultimate CSV Importer for WordPress up to version 7.9.8, enabling authenticated attackers with author-level permissions (or higher) to execute code on the server via the ->cus1 parameter. RedHat/PRION/Wordfence references confirm the vulnerability, with the publisher n...
CVE-2023-4142 WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
CVE-2023-4141
WP Ultimate CSV Importer for WordPress is affected by CVE-2023-4141. The vulnerability allows RCE via the cus2 parameter when an authenticated user with author-level permissions or higher has plugin import access granted by an administrator. The issue arises from file creation capabilities that c...
CVE-2023-4139
The WP Ultimate CSV Importer plugin for WordPress is affected by CVE-2023-4139 (WP Ultimate CSV Importer) and exposes exported files via directory listing due to missing restrictions in the export folder. Affected versions are up to 7.9.8. Unauthenticated attackers could list/view exported files....
CVE-2023-4139 WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported file...
CVE-2023-4140
The CVE-2023-4140 entry pertains to the WP Ultimate CSV Importer WordPress plugin. A privilege-escalation flaw exists in versions up to and including 7.9.8 due to insufficient restriction on the get_header_values function. Authenticated users with minimal permissions (e.g., authors), if an admini...
CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...
WordPress plugin WP Ultimate CSV Importer Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
WordPress plugin WP Ultimate CSV Importer Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
WordPress plugin WP Ultimate CSV Importer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2023-27940 · WordPress · Wp Ultimate Csv Importer
Name of the Vulnerable Software and Affected Versions: WP Ultimate CSV Importer plugin for WordPress versions up to, and including, 7.9.8 Description: The issue is related to privilege escalation due to insufficient restriction on the get header values function. This allows authenticated attacker...
WordPress plugin WP Ultimate CSV Importer Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code injection vulnerability exists in the...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Remote Code Execution (RCE)
Software WP Ultimate CSV Importer Type Plugin Vulnerable versions = 7.9.8 Fixed in 7.9.9 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4141 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 3305b62d3bbf Credits István Márton Required...