CVE-2025-4190
CVE-2025-4190 affects the WordPress plugin CSV Mass Importer (v ≤ 1.2). The issue is improper validation of uploaded files, allowing high-privilege users (e.g., admins) to upload arbitrary files on the server (notably in multisite setups). Several sources confirm an admin+ arbitrary file upload v...