WP Ultimate CSV Importer
Developer: Smackcoders Inc.
Latest version: 7.39.3
Installations: 20,000
Last updated: No date
WordPress Plugin
No VDP
Vulnerability history
0 present
23 patched
13 Mitigation rules
| Vulnerability | Affected versions | Date |
| --- | --- | --- |
| WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability | <= 7.37 | 19/02/2026 |
| WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability | <= 7.35 | 01/01/2026 |
| Authenticated (Administrator+) PHP Object Injection via CSV Import vulnerability | <= 7.33.1 | 18/11/2025 |
| Missing Authorization to Authenticated (Author+) Sensitive Information Exposure vulnerability | <= 7.33 | 12/11/2025 |
| Authenticated (Subscriber+) Remote Code Execution via Code Injection vulnerability | 7.20-7.28 | 16/09/2025 |
| Authenticated (Subscriber+) Arbitrary File Deletion vulnerability | <= 7.27 | 16/09/2025 |
| Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure vulnerability | <= 7.27 | 09/09/2025 |
| Authenticated (Subscriber+) Arbitrary File Upload vulnerability | <= 7.19 | 31/03/2025 |
| Authenticated (Subscriber+) Arbitrary File Deletion vulnerability | <= 7.19 | 31/03/2025 |
| Authenticated Arbitrary Usermeta Update to Privilege Escalation vulnerability | <= 7.9.8 | 03/08/2023 |
| Sensitive Information Exposure via Directory Listing vulnerability | <= 7.9.8 | 03/08/2023 |
| Authenticated PHP file upload to RCE vulnerability | <= 7.9.8 | 03/08/2023 |
| Authenticated Remote Code Execution vulnerability | <= 7.9.8 | 03/08/2023 |
| Authenticated SQL Injection (SQLi) vulnerability | <= 6.5.7 | 20/09/2022 |
| Missing Authorization vulnerability | <= 6.5.7 | 20/09/2022 |
| Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability | <= 6.5.2 | 02/06/2022 |
| Arbitrary Option Deletion vulnerability | <= 6.4.1 | 17/01/2022 |
| Arbitrary File Upload vulnerability | <= 6.4 | 12/01/2022 |
| Arbitrary Media File Deletion vulnerability | <= 6.4 | 12/01/2022 |
| Plugin Settings Update vulnerability | <= 6.4 | 12/01/2022 |
| Reflected Cross Site Scripting | <= 3.8.6 | 27/01/2016 |
| Directory Traversal | <= 3.7.0 | 27/04/2015 |
| Information Disclosure | <= 3.6.74 | 22/02/2015 |