Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress, with AI-generated Chinese analysis, references, and POCs.

Vendor: smackcoders

CVE IDTitleCVSSSeverityPublished
CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name CWE-89 6.5 Medium2026-02-18
CVE-2025-14627 WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass CWE-918 6.4 Medium2026-01-01
CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import CWE-502 7.2 High2025-11-19
CVE-2025-12732 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure CWE-200 4.3 Medium2025-11-12
CVE-2025-10058 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion CWE-73 8.1 High2025-09-17
CVE-2025-10040 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure CWE-862 7.7 High2025-09-10
CVE-2025-2008 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload CWE-434 8.8 High2025-04-01
CVE-2025-2007 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion CWE-23 8.1 High2025-04-01
CVE-2023-4142 WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution CWE-94 8.0 High2023-08-04
CVE-2023-4141 WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution CWE-94 8.0 High2023-08-04
CVE-2023-4139 WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing CWE-200 7.5 High2023-08-04
CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation CWE-269 6.6 Medium2023-08-04

All 12 known CVE vulnerabilities affecting WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress with full Chinese analysis, references, and POCs where available.