WordPress Plugin Vulnerabilities

WP Ultimate CSV Importer < 3.7.1 - Directory Traversal

Description

The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by a Directory Traversal security vulnerability.

Affects Plugins

Plugin icon
wp-ultimate-csv-importer
Fixed in 3.7.1

References

URL
https://www.pritect.net/blog/wp-ultimate-csv-importer-3-7-1-critical-vulnerability

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Submitter
James Golovich
Submitter website
http://www.pritect.net
Submitter twitter
Pritect
Verified
No
WPVDB ID
81b7680a-c0b5-4e57-ba27-da07c2714679

Timeline

Publicly Published
2015-04-27 (about 11 years ago)
Added
2015-04-27 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
WordPress <= 3.0.5 wp-admin/press-this.php Privilege Escalation
Published
2016-04-28
Title
Google Authenticator <= 0.47 - Two Factor Authentication Bypass
Published
2014-08-01
Title
All in One SEO Pack <= 2.1.5 - Unspecified Privilege Escalation
Published
2025-11-04
Title
KiotViet Sync <= 1.8.5 - Authorization Bypass via Use of Hard-coded Password
Published
2025-02-26
Title
Login Me Now < 1.7.3 - Authentication Bypass