WordPress Plugin Vulnerabilities

WP Ultimate Csv Importer < 3.8.1 - XSS

Description

The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by a XSS security vulnerability.

Affects Plugins

Plugin icon
wp-ultimate-csv-importer
Fixed in 3.8.1

References

CVE
CVE-2015-9306

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
236bb04f-2cce-4cf2-b24f-de636c5b91c3

Timeline

Publicly Published
2015-08-18 (about 10 years ago)
Added
2019-08-25 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-03-02
Title
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms < 1.1.6 - Unauthenticated Stored Cross-Site Scripting
Published
2025-01-16
Title
Mind3doM RyeBread Widgets <= 1.0 - Reflected Cross-Site Scripting
Published
2024-01-31
Title
Starbox < 3.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings
Published
2026-02-18
Title
Renden <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title
Published
2025-11-10
Title
Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields