26 matches found
EUVD-2015-1135
Malware in sbrugna...
EUVD-2015-9146
Malware in sbrugna...
EUVD-2018-13504
Malware in sbrugna...
WordPress WP Import – Ultimate CSV XML Importer plugin <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ FTP/SFTP Credential Exposure vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Ultimate CSV Importer versions <= 7.27...
CVE-2015-9306
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS...
CVE-2015-10125
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...
Cross-site request forgery (CSRF)
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...
CVE-2015-10125
CVE-2015-10125 affects the WP Ultimate CSV Importer Plugin for WordPress (v3.7.2). The vulnerability is described as cross-site request forgery (CSRF) in an unknown part of the plugin, with remote initiation possible. The issue is addressed by upgrading to version 3.7.3, and the patch identifier ...
CVE-2015-10125 WP Ultimate CSV Importer Plugin cross-site request forgery
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...
WP Ultimate CSV Importer < 7.9.9 - Imported Files Disclosure
Description: The plugin does not protect its imported files, which could allow unauthenticated users to list and view exported files...
CVE-2023-4142
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
Design/Logic Flaw
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the...
Information disclosure
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported file...
CVE-2023-4142
CVE-2023-4142 affects WP Ultimate CSV Importer for WordPress up to version 7.9.8, enabling authenticated attackers with author-level permissions (or higher) to execute code on the server via the ->cus1 parameter. RedHat/PRION/Wordfence references confirm the vulnerability, with the publisher n...
CVE-2023-4142 WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
CVE-2023-4141
WP Ultimate CSV Importer for WordPress is affected by CVE-2023-4141. The vulnerability allows RCE via the cus2 parameter when an authenticated user with author-level permissions or higher has plugin import access granted by an administrator. The issue arises from file creation capabilities that c...
CVE-2023-4139
The WP Ultimate CSV Importer plugin for WordPress is affected by CVE-2023-4139 (WP Ultimate CSV Importer) and exposes exported files via directory listing due to missing restrictions in the export folder. Affected versions are up to 7.9.8. Unauthenticated attackers could list/view exported files....
CVE-2023-4140
The CVE-2023-4140 entry pertains to the WP Ultimate CSV Importer WordPress plugin. A privilege-escalation flaw exists in versions up to and including 7.9.8 due to insufficient restriction on the get_header_values function. Authenticated users with minimal permissions (e.g., authors), if an admini...
WordPress WP Ultimate CSV Importer Plugin <= 7.9.8 is vulnerable to Sensitive Data Exposure
Software: WP Ultimate CSV Importer; Type: Plugin; Vulnerable versions: <= 7.9.8; Fixed in: 7.9.9; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-4139; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: 438988920d4b; Credits: István Márton...
CVE-2022-0360
CVE-2022-0360 affects the WordPress plugin WP Ultimate CSV Importer (versions prior to 6.4.3). The root cause is failure to sanitise and escape imported comments, enabling stored Cross-Site Scripting (XSS) by high-privilege users who import malicious comments. Documented evidence shows an admin+ ...