CVE-2016-10943
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Unknown), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
SQL injection vulnerability in WordPress zx-csv-upload plugin 1 via id parameter allows unauthenticated attackers to execute arbitrary SQL commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection vulnerability in WordPress zx-csv-upload plugin 1 via id parameter allows unauthenticated attackers to execute arbitrary SQL commands.
Vulnerability
The WordPress plugin zx-csv-upload (version 1) contains an SQL injection vulnerability in the id parameter. The plugin does not properly sanitize user input before using it in SQL queries. As a result, an attacker can inject malicious SQL commands.
Exploitation
An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable endpoint with a malicious id parameter. No authentication or user interaction is required.
Impact
Successful exploitation allows an attacker to read, modify, or delete arbitrary data from the database, potentially leading to full compromise of the WordPress installation.
Mitigation
The plugin has been closed and removed from the WordPress.org plugin repository as of August 3, 2015 [1]. No patched version is available. Users should immediately uninstall and remove the plugin from their installations [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- WordPress/zx-csv-upload plugindescription
- Range: <=1
Patches
0zx-csv-uploadThis plugin has been removed from the WordPress.org directory on 2015-08-03 (reason: Unknown). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.
Source: api.wordpress.org · directory page
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- lenonleite.com.br/en/2016/12/16/english-zx_csv-upload-1-plugin-wordpress-sql-injection/mitrex_refsource_MISC
- wordpress.org/plugins/zx-csv-upload/mitrex_refsource_MISC
- wpvulndb.com/vulnerabilities/8702mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.