Vulnerabilities and security researches forwp-ultimate-csv-importer wp-ultimate-csv-importer
Direction: ascendingJun 07, 2024
Import CSV or XML Datafeed With Ease # CVE-2018-20967
- CVE, Research URL
- Application
- Date
- Aug 14, 2019
- Research Description
- The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
- Affected versions
-
max 5.6.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2015-9306
- CVE, Research URL
- Application
- Date
- Aug 12, 2019
- Research Description
- The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
- Affected versions
-
max 3.8.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2022-3243
- CVE, Research URL
- Application
- Date
- Oct 17, 2022
- Research Description
- The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin
- Affected versions
-
max 6.5.8.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2022-3244
- CVE, Research URL
- Application
- Date
- Oct 17, 2022
- Research Description
- The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce
- Affected versions
-
max 6.5.8.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2022-1977
- CVE, Research URL
- Application
- Date
- Jun 27, 2022
- Research Description
- The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks
- Affected versions
-
max 6.5.3.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2022-0360
- CVE, Research URL
- Application
- Date
- Feb 28, 2022
- Research Description
- The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
- Affected versions
-
max 6.4.3.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2023-4142
- CVE, Research URL
- Application
- Date
- Aug 04, 2023
- Research Description
- The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution.
- Affected versions
-
max 7.9.9.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2023-4139
- CVE, Research URL
- Application
- Date
- Aug 04, 2023
- Research Description
- The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.
- Affected versions
-
max 7.9.9.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2023-4140
- CVE, Research URL
- Application
- Date
- Aug 04, 2023
- Research Description
- The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.
- Affected versions
-
max 7.9.9.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2023-4141
- CVE, Research URL
- Application
- Date
- Aug 04, 2023
- Research Description
- The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.
- Affected versions
-
max 7.9.9.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2015-10125
- CVE, Research URL
- Application
- Date
- Oct 06, 2023
- Research Description
- A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.
- Affected versions
-
max 3.7.3.
- Status
-
vulnerable
Apr 03, 2025
Import CSV or XML Datafeed With Ease # CVE-2025-2007
- CVE, Research URL
- Application
- Date
- Apr 01, 2025
- Research Description
- The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Please note this vulnerability was reintroduced in 7.20, and subsequently patched again in 7.20.1.
- Affected versions
-
max 7.20.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2025-2008
- CVE, Research URL
- Application
- Date
- Apr 01, 2025
- Research Description
- The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note this vulnerability was reintroduced in 7.20, and subsequently patched again in 7.20.1.
- Affected versions
-
max 7.20.1.
- Status
-
vulnerable
Oct 11, 2025
Import CSV or XML Datafeed With Ease # CVE-2025-10057
- CVE, Research URL
- Application
- Date
- Sep 17, 2025
- Research Description
- The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the write_to_customfile() function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject the customFunction.php file with PHP code that can be accessed to trigger remote code execution.
- Affected versions
-
Min 7.20, max 7.29.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2025-10040
- CVE, Research URL
- Application
- Date
- Sep 10, 2025
- Research Description
- The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ftp_details' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a configured set of SFTP/FTP credentials.
- Affected versions
-
max 7.28.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2025-10058
- CVE, Research URL
- Application
- Date
- Sep 17, 2025
- Research Description
- The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the upload_function() function in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Affected versions
-
max 7.28.
- Status
-
vulnerable
Dec 10, 2025
Import CSV or XML Datafeed With Ease # CVE-2025-13145
- CVE, Research URL
- Application
- Date
- Nov 19, 2025
- Research Description
- The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the import_single_post_as_csv function within SingleImportExport.php. This makes it possible for authenticated attackers, with administrator-level access or higher, to inject a PHP object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
- Affected versions
-
max 7.34.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # CVE-2025-12732
- CVE, Research URL
- Application
- Date
- Nov 12, 2025
- Research Description
- The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting() function in all versions up to, and including, 7.33. This makes it possible for authenticated attackers, with Author-level access or higher, to extract sensitive information including OpenAI API keys configured through the plugin's admin interface.
- Affected versions
-
max 7.33.1.
- Status
-
vulnerable
Jan 09, 2026
Import CSV or XML Datafeed With Ease # CVE-2025-14627
- CVE, Research URL
- Application
- Date
- Jan 01, 2026
- Research Description
- The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink redirects in the `upload_function()` method. While the initial URL is validated using `wp_http_validate_url()`, when a Bitly shortlink is detected, the `unshorten_bitly_url()` function follows redirects to the final destination URL without re-validating it. This makes it possible for authenticated attackers with Contributor-level access or higher to make the server perform HTTP requests to arbitrary internal endpoints, including localhost, private IP ranges, and cloud metadata services (e.g., 169.254.169.254), potentially exposing sensitive internal data.
- Affected versions
-
max 7.36.
- Status
-
vulnerable
Apr 15, 2026
Import CSV or XML Datafeed With Ease # CVE-2026-1317
- CVE, Research URL
- Application
- Date
- Feb 18, 2026
- Research Description
- The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the `file_name` parameter which is stored in the database during file upload and later used in raw SQL queries without proper sanitization. This makes it possible for authenticated attackers with Subscriber-level access or higher to append additional SQL queries into already existing queries via a malicious filename, which can be used to extract sensitive information from the database. The vulnerability can only be exploited when the 'Single Import/Export' option is enabled, and the server is running a PHP version < 8.0.
- Affected versions
-
max 7.38.
- Status
-
vulnerable
Jun 16, 2026
Import CSV or XML Datafeed With Ease # 35a4b75e5c5347dd75d8571a66f7e6334636baf0
- CVE, Research URL
- Application
- Date
- Feb 22, 2015
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 3.6.75 WordPress Ultimate CSV Importer Plugin <= 3.6.74 Information Disclosure Because of this vulnerability, remote attackers can disclose usernames, hashed passwords and email addresses for all users. Update the plugin.
- Affected versions
-
max 3.6.75.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # 79f7431831f08b32ac167aa67b14bf1b6065413f
- CVE, Research URL
- Application
- Date
- Jan 12, 2022
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 6.4.1 WP Ultimate CSV Importer <= 6.4.0 - Arbitrary File Upload The WP Ultimate CSV Importer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip_upload AJAX call in versions up to, and including, 6.4.0. This makes it possible for subscriber-level attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
- Affected versions
-
max 6.4.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # a375e8173ddeb78895d04d4b4c07bb768004d58c
- CVE, Research URL
- Application
- Date
- Jan 27, 2018
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 3.8.8 Import Export All WordPress Images, Users & Post Types <= 3.8.7 - Reflected Cross-Site Scripting The Import Export All WordPress Images, Users & Post Types plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘alertmsg’ parameter in versions up to, and including, 3.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 3.8.8.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # 04be56e9c4cefde64ca65d58048c3f8777614b39
- CVE, Research URL
- Application
- Date
- Jan 27, 2016
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 3.8.8 WordPress Ultimate CSV Importer Plugin <= 3.8.6 - Reflected Cross Site Scripting This plugin is prone to a cross site scripting vulnerability, because "alertmsg" parameter is not sanitized. Update the plugin.
- Affected versions
-
max 3.8.8.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # abe2aee4880269259229c836bb46574d9acc8e3f
- CVE, Research URL
- Application
- Date
- Jan 17, 2022
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 6.4.2 Import all XML, CSV & TXT into WordPress < 6.4.2 - Missing Authorization The Import all XML, CSV & TXT into WordPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the disable_main_mode function in versions up to, and including, 6.4.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary site options.
- Affected versions
-
max 6.4.2.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # c43cfb3ba18b8043e62be4c1cdc99c468a4bfb0c
- CVE, Research URL
- Application
- Date
- Jan 12, 2022
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 6.4.1 WordPress WP Ultimate CSV Importer plugin <= 6.4 - Arbitrary File Upload vulnerability Arbitrary File Upload vulnerability discovered in WordPress WP Ultimate CSV Importer plugin (versions <= 6.4).
- Affected versions
-
max 6.4.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # a7b79211664ac6b46269ced6e6e0d3bab510a026
- CVE, Research URL
- Application
- Date
- Jan 12, 2022
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 6.4.1 WordPress WP Ultimate CSV Importer plugin <= 6.4 - Arbitrary Media File Deletion vulnerability Arbitrary Media File Deletion vulnerability (restricted to the uploads folder of the current year/month) discovered in WordPress WP Ultimate CSV Importer plugin (versions <= 6.4).
- Affected versions
-
max 6.4.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # 70c9df91b77f1c8411884c8ac5a197c0f36f58ec
- CVE, Research URL
- Application
- Date
- Apr 27, 2015
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 3.7.1 WordPress Ultimate CSV Importer Plugin <= 3.7.0 - Directory Traversal Because of this vulnerability, the attackers can read files on the filesystem without authorization. Update the plugin.
- Affected versions
-
max 3.7.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # adf319f8d6673b9cfcd537ded704e0028f0a0419
- CVE, Research URL
- Application
- Date
- Jan 12, 2022
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 6.4.1 Easy Drag And drop All Import : WP Ultimate CSV Importer < 6.4.1 - Missing Authorization Checks The WP Ultimate CSV Importer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions like upload_function(), display_log(), download_log(), display_csv_values(), etc... in versions up to 6.4.1. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to perform many unauthorized actions and retrieve sensitive data.
- Affected versions
-
max 6.4.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # e83756f83da21662f00f62dd942c3653938c2302
- CVE, Research URL
- Application
- Date
- Jan 17, 2022
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 6.4.2 WordPress WP Ultimate CSV Importer plugin <= 6.4.1 - Arbitrary Option Deletion vulnerability Arbitrary Option Deletion vulnerability discovered by WPScanTeam in WordPress WP Ultimate CSV Importer plugin (versions <= 6.4.1).
- Affected versions
-
max 6.4.2.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # d85eb92247d5c34381644023b5dcce90d9d9d6d1
- CVE, Research URL
- Application
- Date
- Jan 12, 2022
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 6.4.1 WordPress WP Ultimate CSV Importer plugin <= 6.4 - Plugin Settings Update vulnerability Plugin Settings Update vulnerability discovered in WordPress WP Ultimate CSV Importer plugin (versions <= 6.4).
- Affected versions
-
max 6.4.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # 5c64c2c35f1ce619d7c608c8987d92af2239c980
- CVE, Research URL
- Application
- Date
- Apr 27, 2015
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 3.7.1 WP Ultimate CSV Importer <= 3.7 - Arbitrary File Read The WP Ultimate CSV Importer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the templates/readfile.php file in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to read any files on the vulnerable service that PHP has access to.
- Affected versions
-
max 3.7.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # 0f07e48bdf63a50afbb2b97f39737f8ade1089b0
- CVE, Research URL
- Application
- Date
- Feb 22, 2015
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 3.6.75 Ultimate CSV Importer < 3.6.75 - Information Disclosure The Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 3.6.74 via the modules/export/templates/export.php file. This can allow unauthenticated attackers to extract sensitive data including emails, passwords and usernames.
- Affected versions
-
max 3.6.75.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # 06a98f51-e581-4e42-8287-7c18254d100c
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 6.4.2 WP Ultimate CSV Importer < 6.4.2 - Subscriber+ Arbitrary Option Deletion The plugin does not have authorisation and CSRF checks when deleting options via the disable_main_mode AJAX action, and does not ensure that the option to be delete belong to the plugin. As a result, any authenticated user, such as subscriber, could delete arbitrary options from the blog
- Affected versions
-
max 6.4.2.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # fc4865d1-00b9-4594-99d2-e2a3fc0d3951
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 3.6.75 WP Ultimate CSV Importer <= 3.6.74 - Database Table Export Due to lack of verification of a visitors permissions, it is possible to execute the ‘export.php’ script included in the default installation of this plugin, and retrieve the full contents of the user table in the WordPress installation. This results in full disclosure of usernames, hashed passwords and email addresses for all users. After update 3.6.74, a change to the ‘export.php’ script was made, which required a REFERER header to be passed through in the request. After this header is added (as in the second PoC), the behaviour is exactly the same, resulting in full disclosure of usernames, hashed passwords and email addresses for all users.
- Affected versions
-
max 3.6.75.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # 64bd22e2-ea38-4b6f-be54-e81f9e77bdc2
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 6.4.1 WP Ultimate CSV Importer < 6.4.1 - Subscriber+ Arbitrary File Upload The plugin does not have authorisation and CSRF checks when uploading zip files via the zip_upload AJAX call, and does not perform any check on the files to be extracted. As a result, any authenticated user, such as subscriber could upload an archive with PHP files in it, leading to RCE
- Affected versions
-
max 6.4.1.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # 1d10d116-3dda-41d4-a6f4-66d300385003
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 3.8.8 WP Ultimate CSV Importer <= 3.8.6 - Reflected Cross-Site Scripting (XSS) The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability.
- Affected versions
-
max 3.8.8.
- Status
-
vulnerable
Import CSV or XML Datafeed With Ease # 81b7680a-c0b5-4e57-ba27-da07c2714679
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel [wp-ultimate-csv-importer] < 3.7.1 WP Ultimate CSV Importer < 3.7.1 - Directory Traversal The Import and Export WordPress Data as CSV or XML WordPress plugin was affected by a Directory Traversal security vulnerability.
- Affected versions
-
max 3.7.1.
- Status
-
vulnerable
Jul 11, 2026
Import CSV or XML Datafeed With Ease # CVE-2026-13353
- CVE, Research URL
- Application
- Date
- Jul 11, 2026
- Research Description
- The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for install_addon, saveMappedFields, and StartImport, combined with the plugin nonce being exposed to any authenticated user who can load an admin page, allowing a Subscriber to install the Import WooCommerce add-on, persist attacker-controlled PHP expressions in the MappedFields parameter, and trigger evaluation via eval() in ImportHelpers::get_meta_values(). This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server.
- Affected versions
-
max 8.1.
- Status
-
vulnerable