WP Ultimate CSV Importer
Smackcoders Inc.,
Developer
7.36
Latest version
20,000
Installations
No date
Last updated
Vulnerability history
0 present
22 fixed
12 Mitigation rules
- WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability<= 7.352 days ago
- Authenticated (Administrator+) PHP Object Injection via CSV Import vulnerability<= 7.33.1Nov 18, 2025
- Missing Authorization to Authenticated (Author+) Sensitive Information Exposure vulnerability<= 7.33Nov 12, 2025
- Authenticated (Subscriber+) Remote Code Execution via Code Injection vulnerability7.20-7.28Sep 16, 2025
- Authenticated (Subscriber+) Arbitrary File Deletion vulnerability<= 7.27Sep 16, 2025
- Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure vulnerability<= 7.27Sep 9, 2025
- Authenticated (Subscriber+) Arbitrary File Upload vulnerability<= 7.19Mar 31, 2025
- Authenticated (Subscriber+) Arbitrary File Deletion vulnerability<= 7.19Mar 31, 2025
- Authenticated Arbitrary Usermeta Update to Privilege Escalation vulnerability<= 7.9.8Aug 3, 2023
- Sensitive Information Exposure via Directory Listing vulnerability<= 7.9.8Aug 3, 2023
- Authenticated PHP file upload to RCE vulnerability<= 7.9.8Aug 3, 2023
- Authenticated Remote Code Execution vulnerability<= 7.9.8Aug 3, 2023
- Authenticated SQL Injection (SQLi) vulnerability<= 6.5.7Sep 20, 2022
- Missing Authorization vulnerability<= 6.5.7Sep 20, 2022
- Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability<= 6.5.2Jun 2, 2022
- Arbitrary Option Deletion vulnerability<= 6.4.1Jan 17, 2022
- Arbitrary File Upload vulnerability<= 6.4Jan 12, 2022
- Arbitrary Media File Deletion vulnerability<= 6.4Jan 12, 2022
- Plugin Settings Update vulnerability<= 6.4Jan 12, 2022
- Reflected Cross Site Scripting<= 3.8.6Jan 27, 2016
- Directory Traversal<= 3.7.0Apr 27, 2015
- Information Disclosure<= 3.6.74Feb 22, 2015