Skip to main content

Wp Ultimate Csv Importer

4 CVEs product

Monthly

CVE-2023-4142 HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

WordPress RCE Code Injection Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
8.0
EPSS
4.6%
CVE-2023-4141 HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

WordPress PHP RCE Code Injection Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
8.0
EPSS
4.6%
CVE-2023-4140 MEDIUM PATCH This Month

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress Privilege Escalation Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-4139 HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
EPSS 5% CVSS 8.0
HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

WordPress RCE Code Injection +1
NVD VulDB
EPSS 5% CVSS 8.0
HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

WordPress PHP RCE +2
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress Privilege Escalation Wp Ultimate Csv Importer
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Wp Ultimate Csv Importer
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy