Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv
(Smackcoders)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-05 | CVE-2015-10125 | A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability. | Import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv | 8.8 | ||
| 2022-06-27 | CVE-2022-1977 | The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks | Import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv | 7.2 | ||
| 2022-10-17 | CVE-2022-3243 | The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin | Import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv | 7.2 | ||
| 2022-02-28 | CVE-2022-0360 | The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues | Import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv | 4.8 | ||
| 2022-10-17 | CVE-2022-3244 | The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce | Import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv | 4.2 | ||
| 2019-08-12 | CVE-2015-9306 | The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | Import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv | 6.1 | ||
| 2019-08-14 | CVE-2018-20967 | The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | Import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv | 8.8 |