WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.37 - Authenticated Subscriber+ SQL Injection via File Name vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.37...

WordPress plugin WP Import – Ultimate CSV XML Importer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...

WordPress WP Import – Ultimate CSV XML Importer for WordPress plugin <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import vulnerability

Authenticated Administrator+ PHP Object Injection via CSV Import vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.33.1...

EUVD-2015-1135

Malware in sbrugna...

EUVD-2018-13504

Malware in sbrugna...

EUVD-2015-9146

Malware in sbrugna...

WordPress WP Import – Ultimate CSV XML Importer plugin <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ FTP/SFTP Credential Exposure vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions = 7.27...

CVE-2023-4140

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...

CVE-2015-9306

The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS...

CVE-2015-10125

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...

Cross site request forgery (csrf)

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...

CVE-2015-10125

CVE-2015-10125 affects the WP Ultimate CSV Importer Plugin for WordPress (v3.7.2). The vulnerability is described as cross-site request forgery (CSRF) in an unknown part of the plugin, with remote initiation possible. The issue is addressed by upgrading to version 3.7.3, and the patch identifier ...

CVE-2015-10125 WP Ultimate CSV Importer Plugin cross-site request forgery

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...

WordPress Plugin WP Ultimate CSV Importer Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2023-10302 · WordPress · Wp Ultimate Csv Importer Plugin

Name of the Vulnerable Software and Affected Versions: WP Ultimate CSV Importer Plugin version 3.7.2 Description: A problematic vulnerability has been found in the WP Ultimate CSV Importer Plugin, affecting an unknown part, which leads to cross-site request forgery. The attack can be initiated...

WP Ultimate CSV Importer < 7.9.9 - Imported Files Disclosure

Description The plugin does not protect its imported files, which could allow unauthenticated users to list and view exported files...

CVE-2023-4142

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...

CVE-2023-4142

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...

Information disclosure

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported file...

Design/Logic Flaw

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'getheadervalues' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...