3 matches found
CVE-2023-4140
The CVE-2023-4140 entry pertains to the WP Ultimate CSV Importer WordPress plugin. A privilege-escalation flaw exists in versions up to and including 7.9.8 due to insufficient restriction on the get_header_values function. Authenticated users with minimal permissions (e.g., authors), if an admini...
CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Privilege Escalation
Software WP Ultimate CSV Importer Type Plugin Vulnerable versions = 7.9.8 Fixed in 7.9.9 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-4140 Patch priority Medium CVSS severity Medium 6.6 Developer Claim ownership PSID 2cf9cad320b2 Credits István Márton...