cleantalk
Vulnerabilities and Security Researches

Import CSV or XML Datafeed With Ease, CVE-2025-2008

CVE, Research URL

CVE-2025-2008

Home page URL

Security reports for Import CSV or XML Datafeed With Ease

Application

Import CSV or XML Datafeed With Ease

Published on
Apr 01, 2025
Research Description
The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 7.19.1.
Status
vulnerable
Previous vulnerability researches
MediaView (CVE-2025-2481) , Mar 28, 2025
New vulnerability
ABC Notation (CVE-2025-31895) , Apr 03, 2025
Leartes TRY Exchange Rates (CVE-2025-31783) , Apr 03, 2025
Essential Real Estate (CVE-2025-30849) , Apr 03, 2025
SMS Abandoned Cart Recovery ✦ CartBoss (CVE-2025-31865) , Apr 03, 2025
HTML Forms (CVE-2025-31080) , Apr 03, 2025