WordPress Plugin Vulnerabilities

WP Ultimate CSV Importer < 6.4.1 - Subscriber+ Arbitrary File Upload

Description

The plugin does not have authorisation and CSRF checks when uploading zip files via the zip_upload AJAX call, and does not perform any check on the files to be extracted. As a result, any authenticated user, such as subscriber could upload an archive with PHP files in it, leading to RCE

Proof of Concept

Affects Plugins

Plugin icon
wp-ultimate-csv-importer
Fixed in 6.4.1

References

URL
https://plugins.trac.wordpress.org/changeset/2656346/

Miscellaneous

Verified
Yes
WPVDB ID
64bd22e2-ea38-4b6f-be54-e81f9e77bdc2

Timeline

Publicly Published
2022-01-12 (about 4 years ago)
Added
2022-01-12 (about 4 years ago)
Last Updated
2022-01-12 (about 4 years ago)

Other

Published
Title
Published
2024-05-28
Title
WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.5.0 - Admin+ Arbitrary File Upload
Published
2014-08-01
Title
Shotzz - Custom Background Shell Upload
Published
2023-11-20
Title
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload
Published
2026-01-15
Title
g-FFL Checkout < 2.1.1 - Unauthenticated Arbitrary File Upload
Published
2026-03-20
Title
Photo Engine (Media Organizer & Lightroom) < 6.5.0 - Authenticated (Author+) Arbitrary File Upload