cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-31939,https://securityvulnerability.io/vulnerability/CVE-2024-31939,Cross-Site Request Forgery (CSRF) Vulnerability in Soflyy's Import any XML or CSV File to WordPress,"Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.

",Wordpress,Import Any Xml Or Csv File To WordPress,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-10T19:17:54.335Z,0
CVE-2023-7082,https://securityvulnerability.io/vulnerability/CVE-2023-7082,WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE,"The Import any XML or CSV File to WordPress plugin is vulnerable due to inadequate validation of file types when accepting zip files. This vulnerability allows high privilege users, such as administrators, to upload malicious executable files. Upon upload, these files are automatically extracted into a publicly accessible directory, potentially compromising the security of the WordPress site. Addressing this vulnerability is crucial to prevent unauthorized access and maintain the integrity of the platform.",Wordpress,Import any XML or CSV File to WordPress,7.2,HIGH,0.0021800000686198473,false,,false,false,true,true,false,false,2024-01-22T19:14:29.189Z,0
CVE-2023-4142,https://securityvulnerability.io/vulnerability/CVE-2023-4142,Remote Code Execution Vulnerability in WP Ultimate CSV Importer Plugin for WordPress,"The WP Ultimate CSV Importer plugin for WordPress contains a vulnerability allowing remote code execution through the '->cus1' parameter in versions up to 7.9.8. This risk is particularly elevated for authenticated attackers with author-level permissions or higher, provided that the administrator has previously granted access within the plugin's settings. While the vulnerability mitigation strategy involves restricting file imports for authors and editors, caution is still advised as site administrators remain at risk of remote code execution. Users are encouraged to review plugin settings and implement robust security measures.",Wordpress,"Import All Pages, Post types, Products, Orders, and Users as XML & CSV",8.8,HIGH,0.004749999847263098,false,,false,false,false,,false,false,2023-08-04T03:15:00.000Z,0
CVE-2023-4140,https://securityvulnerability.io/vulnerability/CVE-2023-4140,Privilege Escalation in WP Ultimate CSV Importer by WordPress,"The WP Ultimate CSV Importer plugin for WordPress, up to and including version 7.9.8, is susceptible to a privilege escalation vulnerability caused by insufficient restrictions on the 'get_header_values' function. This issue permits authenticated attackers, who hold limited permissions like those of an author, to escalate their privileges if the administrator permits such access through the plugin's settings. By manipulating the 'wp_capabilities->cus1' parameter, these attackers can illegitimately modify their user roles, potentially allowing them to perform unauthorized actions within the WordPress environment.",Wordpress,"Import All Pages, Post types, Products, Orders, and Users as XML & CSV",8.8,HIGH,0.0014199999859556556,false,,false,false,false,,false,false,2023-08-04T03:15:00.000Z,0
CVE-2023-4139,https://securityvulnerability.io/vulnerability/CVE-2023-4139,Sensitive Information Exposure in WP Ultimate CSV Importer from WordPress,"The WP Ultimate CSV Importer plugin in WordPress has a vulnerability allowing unauthorized users to access and list sensitive exported files. This occurs due to inadequate restrictions on directory listing in the export folder, affecting versions up to 7.9.8. Attackers can exploit this flaw to view confidential data, potentially leading to further security risks. Website administrators should take immediate action to secure their installations and prevent unauthorized access.",Wordpress,"Import All Pages, Post types, Products, Orders, and Users as XML & CSV",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2023-08-04T03:15:00.000Z,0
CVE-2023-4141,https://securityvulnerability.io/vulnerability/CVE-2023-4141,Remote Code Execution Risk in WP Ultimate CSV Importer Plugin by WordPress,"The WP Ultimate CSV Importer plugin for WordPress is susceptible to a vulnerability that allows authenticated users with author-level permissions or higher to execute arbitrary PHP code on the server. This is possible through manipulating the '->cus2' parameter, provided that the administrator has granted the necessary access in the plugin settings. It is important to note that while the author of the plugin has resolved this vulnerability by restricting file imports for authors and editors, site administrators still retain the ability to create PHP files. This necessitates a cautious approach when using the plugin, as server security could still be compromised.",Wordpress,"Import All Pages, Post types, Products, Orders, and Users as XML & CSV",8.8,HIGH,0.004749999847263098,false,,false,false,false,,false,false,2023-08-04T03:15:00.000Z,0
CVE-2022-2711,https://securityvulnerability.io/vulnerability/CVE-2022-2711,WP All Import < 3.6.9 - Admin+ Directory traversal via file upload,"The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.",Wordpress,Import Any Xml Or Csv File To WordPress,7.2,HIGH,0.0012700000079348683,false,,false,false,false,,false,false,2022-11-07T00:00:00.000Z,0
CVE-2022-3418,https://securityvulnerability.io/vulnerability/CVE-2022-3418,WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE,"The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files",Wordpress,Import Any Xml Or Csv File To WordPress,7.2,HIGH,0.001509999972768128,false,,false,false,false,,false,false,2022-11-07T00:00:00.000Z,0
CVE-2022-3244,https://securityvulnerability.io/vulnerability/CVE-2022-3244,"Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation","The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce",Wordpress,"Import All Xml, Csv & Txt Into WordPress",4.2,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2022-10-17T00:00:00.000Z,0
CVE-2022-3243,https://securityvulnerability.io/vulnerability/CVE-2022-3243,"Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi","The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin",Wordpress,"Import All Xml, Csv & Txt Into WordPress",7.2,HIGH,0.0009399999980814755,false,,false,false,false,,false,false,2022-10-17T00:00:00.000Z,0
CVE-2022-2268,https://securityvulnerability.io/vulnerability/CVE-2022-2268,WP All Import < 3.6.8 - Admin+ Arbitrary File Upload,"The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE",Wordpress,Import Any Xml Or Csv File To WordPress,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-07-04T13:06:04.000Z,0
CVE-2022-36386,https://securityvulnerability.io/vulnerability/CVE-2022-36386,WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability,Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.,Wordpress,Import Any Xml Or Csv File To WordPress (WordPress Plugin),9.1,CRITICAL,0.0011399999493733048,false,,false,false,false,,false,false,2022-06-28T00:00:00.000Z,0
CVE-2022-1273,https://securityvulnerability.io/vulnerability/CVE-2022-1273,Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE,"The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE",Wordpress,Import WP – Import And Export WordPress Data To Xml Or Csv Files,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-05-02T16:05:55.000Z,0
CVE-2021-24714,https://securityvulnerability.io/vulnerability/CVE-2021-24714,WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting,"The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed.",Wordpress,Import Any Xml Or Csv File To WordPress,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-12-06T15:55:23.000Z,0
CVE-2018-20967,https://securityvulnerability.io/vulnerability/CVE-2018-20967,,The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.,Wordpress,"Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,false,false,2019-08-14T15:21:49.000Z,0
CVE-2015-9306,https://securityvulnerability.io/vulnerability/CVE-2015-9306,,The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.,Wordpress,"Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv",6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,false,false,2019-08-12T14:41:35.000Z,0