| CVE-2026-1317 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | Medium | 6.5 | 2026-02-18 12:28:35 | Deep Dive |
| CVE-2025-14627 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | Medium | 6.4 | 2026-01-01 16:19:31 | Deep Dive |
| CVE-2025-13606 | Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure | smackcoders | Export All Posts, Products, Orders, Refunds & Users | Medium | 6.5 | 2025-12-02 04:37:14 | Deep Dive |
| CVE-2025-13145 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 7.2 | 2025-11-19 05:45:13 | Deep Dive |
| CVE-2025-12732 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | Medium | 4.3 | 2025-11-12 08:28:04 | Deep Dive |
| CVE-2025-10058 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 8.1 | 2025-09-17 05:18:45 | Deep Dive |
| CVE-2025-10057 | WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection | smackcoders | WP Import – Ultimate CSV XML Importer for WordPress | High | 8.8 | 2025-09-17 05:18:45 | Deep Dive |
| CVE-2025-10040 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 7.7 | 2025-09-10 06:38:49 | Deep Dive |
| CVE-2025-9990 | WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion | smackcoders | WordPress Helpdesk Integration | High | 8.1 | 2025-09-05 02:25:02 | Deep Dive |
| CVE-2025-5692 | Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions | smackcoders | Lead Form Data Collection to CRM | Medium | 6.3 | 2025-07-02 02:03:53 | Deep Dive |
| CVE-2025-47690 | WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability | Smackcoders Inc., | Lead Form Data Collection to CRM | High | 8.8 | 2025-05-23 12:43:18 | Deep Dive |
| CVE-2025-31788 | WordPress AIO Performance Profiler, Monitor, Optimize, Compress & Debug plugin <= 1.3 - Sensitive Data Exposure vulnerability | Smackcoders Inc., | AIO Performance Profiler, Monitor, Optimize, Compress & Debug | Medium | 5.3 | 2025-04-01 14:51:29 | Deep Dive |
| CVE-2025-31775 | WordPress Google SEO Pressor for Rich snippets Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability | Smackcoders Inc., | Google SEO Pressor Snippet | Medium | 4.3 | 2025-04-01 14:51:22 | Deep Dive |
| CVE-2025-2008 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 8.8 | 2025-04-01 04:21:21 | Deep Dive |
| CVE-2025-2007 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | High | 8.1 | 2025-04-01 04:21:20 | Deep Dive |
| CVE-2025-31530 | WordPress Google SEO Pressor Snippet plugin <= 2.0 - Broken Access Control vulnerability | Smackcoders Inc., | Google SEO Pressor Snippet | Medium | 4.3 | 2025-03-31 12:55:08 | Deep Dive |
| CVE-2025-22647 | WordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerability | Smackcoders Inc., | AIO Performance Profiler, Monitor, Optimize, Compress & Debug | Medium | 4.3 | 2025-03-27 15:07:25 | Deep Dive |
| CVE-2025-30810 | WordPress Lead Form Data Collection to CRM plugin <= 3.0.1 - SQL Injection vulnerability | Smackcoders Inc., | Lead Form Data Collection to CRM | High | 8.5 | 2025-03-27 10:54:59 | Deep Dive |
| CVE-2025-2332 | Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection | smackcoders | Export All Posts, Products, Orders, Refunds & Users | Critical | 9.8 | 2025-03-27 05:22:30 | Deep Dive |
| CVE-2024-12315 | Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory | smackcoders | Export All Posts, Products, Orders, Refunds & Users | High | 7.5 | 2025-02-12 08:25:43 | Deep Dive |