VYPR

Wp Ultimate CSV Importer

by WordPress

CVEs (18)

  • CVE-2025-10057 | High | Sep 17, 2025
    risk 0.50 | cvss 8.8 | epss 0.01

    The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the write_to_customfile() function writing unfiltered PHP code to a file. This makes it possible for…

  • CVE-2025-2008 | High | Apr 1, 2025
    risk 0.50 | cvss 8.8 | epss 0.01

    The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. This makes it possible for authenticated…

  • CVE-2025-2007 | High | Apr 1, 2025
    risk 0.47 | cvss 8.1 | epss 0.01

    The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers,…

  • CVE-2025-10058 | High | Sep 17, 2025
    risk 0.46 | cvss 8.1 | epss 0.01

    The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the upload_function() function in all versions up to, and including, 7.27. This makes it possible for authenticated…

  • CVE-2023-4142 | High | Aug 4, 2023
    risk 0.45 | cvss 8.0 | epss 0.01

    The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access…

  • CVE-2023-4141 | High | Aug 4, 2023
    risk 0.45 | cvss 8.0 | epss 0.01

    The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access…

  • CVE-2025-10040 | High | Sep 10, 2025
    risk 0.43 | cvss 7.7 | epss 0.00

    The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ftp_details' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated…

  • CVE-2023-4139 | High | Aug 4, 2023
    risk 0.42 | cvss 7.5 | epss 0.01

    The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and…

  • CVE-2023-4140 | Medium | Aug 4, 2023
    risk 0.36 | cvss 6.6 | epss 0.01

    The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such…

  • CVE-2026-1317 | Medium | Feb 18, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the `file_name` parameter which is stored in the database during file upload and…

  • CVE-2025-14627 | Medium | Jan 1, 2026
    risk 0.35 | cvss 6.4 | epss 0.00

    The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the…

  • CVE-2025-12732 | Medium | Nov 12, 2025
    risk 0.21 | cvss 4.3 | epss 0.00

    The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting() function in all versions up to, and including, 7.33. This makes it possible for…

  • CVE-2015-10125 | Oct 5, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able…

  • CVE-2022-3418 | Nov 7, 2022
    risk 0.00 | cvss (none listed) | epss 0.01

    The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files.

  • CVE-2022-1470 | Jun 27, 2022
    risk 0.00 | cvss (none listed) | epss 0.01

    The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to Reflected Cross-Site Scripting.

  • CVE-2022-0360 | Feb 28, 2022
    risk 0.00 | cvss (none listed) | epss 0.01

    The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones (either intentionally or not) and lead to Stored Cross-Site Scripting issues.

  • CVE-2018-20967 | Aug 14, 2019
    risk 0.00 | cvss (none listed) | epss 0.01

    The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.

  • CVE-2015-9306 | Aug 12, 2019
    risk 0.00 | cvss (none listed) | epss 0.01

    The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.