Vulnerabilities and security researches forcsv-mass-importer csv-mass-importer

May 19, 2025

CVE, Research URL: CVE-2025-4190
Home page URL: Security reports for CSV Mass Importer
Application: CSV Mass Importer
Date: May 17, 2025
Research Description: The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable