WordPress Plugin Vulnerabilities

Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation

Description

The plugin does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce

Affects Plugins

Plugin icon
wp-ultimate-csv-importer
Fixed in 6.5.8

References

CVE
CVE-2022-3244

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
3.1 (low)

Miscellaneous

Original Researcher
Sanjay Das
Submitter
Sanjay Das
Submitter website
https://p3n7a90n.github.io/
Submitter twitter
p3n7a90n
Verified
Yes
WPVDB ID
de4bc449-3dd4-4776-943f-ac59ae813132

Timeline

Publicly Published
2022-09-20 (about 1 years ago)
Added
2022-09-20 (about 1 years ago)
Last Updated
2022-09-20 (about 1 years ago)

Other

Published
Title
Published
2024-03-28
Title
weForms < 1.6.21 - Missing Authorization
Published
2021-11-15
Title
Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls
Published
2024-03-22
Title
Video Conferencing with Zoom < 4.4.6 - Sensitive Information Exposure
Published
2023-10-25
Title
Ni WooCommerce Sales Report < 3.7.4 - Subscriber+ Sale & Order Reports Access
Published
2024-03-28
Title
PageLayer < 1.8.2 - Missing Authorization