3 matches found
CVE-2023-4141
WP Ultimate CSV Importer for WordPress is affected by CVE-2023-4141. The vulnerability allows RCE via the cus2 parameter when an authenticated user with author-level permissions or higher has plugin import access granted by an administrator. The issue arises from file creation capabilities that c...
CVE-2023-4141 WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Remote Code Execution (RCE)
Software WP Ultimate CSV Importer Type Plugin Vulnerable versions = 7.9.8 Fixed in 7.9.9 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4141 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 3305b62d3bbf Credits István Márton Required...