cleantalk
Vulnerabilities and Security Researches

Ultimate Tag Warrior Importer, CVE-2025-9374

CVE, Research URL

CVE-2025-9374

Home page URL

Security reports for Ultimate Tag Warrior Importer

Application

Ultimate Tag Warrior Importer

Published on
Aug 29, 2025
Research Description
The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 0.2.
Status
vulnerable
Previous vulnerability researches
Bold Page Builder (CVE-2022-2089) , Jun 06, 2024
Bold Page Builder (CVE-2023-49823) , Jun 06, 2024
Bold Page Builder (CVE-2024-3266) , Jun 06, 2024
Bold Page Builder (CVE-2025-58194) , Aug 28, 2025
Bold Page Builder (CVE-2019-15821) , Jun 06, 2024
New vulnerability
OSM Map Widget for Elementor (CVE-2025-8619) , Aug 30, 2025
Simple Page Access Restriction (CVE-2025-58202) , Aug 30, 2025
Chartbeat (CVE-2025-53250) , Aug 30, 2025
Table Editor (CVE-2025-48310) , Aug 30, 2025
WP Thumbtack Review Slider (CVE-2025-58216) , Aug 30, 2025