WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation

Description

The plugin does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce

Affects Plugins

wp-ultimate-csv-importer
Fixed in version 6.5.8

References

CVE
CVE-2022-3244

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Sanjay Das

Submitter

Sanjay Das

Submitter website
https://p3n7a90n.github.io/
Submitter twitter
p3n7a90n
Verified

Yes

WPVDB ID
de4bc449-3dd4-4776-943f-ac59ae813132

Timeline

Publicly Published

2022-09-20 (about 8 months ago)

Added

2022-09-20 (about 8 months ago)

Last Updated

2022-09-20 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin