Wp Ultimate Csv Importer
Approved changes feed: RSS · Atom
cpe:2.3:a:smackcoders:wp_ultimate_csv_importer:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Smackcoders (e878c6d9-526e-5971-b31d-cb731330415c) |
|---|---|
| Product | Wp Ultimate Csv Importer (325a63f5-3589-5b1b-8260-cb0432e100f7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/wp-ultimate-csv-importer |
purl2cpe | 2026-06-01 10:17:46.600616 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-4142 |
vulnerable | 2026-06-03 14:53:27.375074 |
WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution
HIGH (8)
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution.
Published: 2023-08-04T02:04:30.714Z
Updated: 2026-04-08T17:27:31.396Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4141 |
vulnerable | 2026-06-03 14:53:27.374683 |
WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution
HIGH (8)
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.
Published: 2023-08-04T02:04:28.826Z
Updated: 2026-04-08T17:17:06.072Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4140 |
vulnerable | 2026-06-03 14:53:27.374262 |
WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation
MEDIUM (6.6)
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.
Published: 2023-08-04T02:04:24.655Z
Updated: 2026-04-08T16:56:27.576Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4139 |
vulnerable | 2026-06-03 14:53:27.373670 |
WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing
HIGH (7.5)
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.
Published: 2023-08-04T02:04:27.318Z
Updated: 2026-04-08T16:57:28.053Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.