CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4139 – WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing
https://notcve.org/view.php?id=CVE-2023-4139
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files. El plugin Plugin WP Ultimate CSV Importer para WordPress es vulnerable a la exposición de información sensible a través de listados de directorios debido a la falta de restricción en la indexación de carpetas de exportación en versiones hasta, e incluyendo, v7.9.8. Esto hace posible que atacantes no autenticados puedan listar y ver los archivos exportados. • https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php https://www.wordfence.com/threat-intel/vulnerabilities/id/6404476e-0c32-4f8e-882f-6a1785ba5748?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4140 – WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-4140
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter. El plugin Plugin WP Ultimate CSV Importer para WordPress es vulnerable a la escalada de privilegios en versiones hasta, e incluyendo, la v7.9.8 debido a una restricción insuficiente en la función "get_header_values". Esto hace posible que atacantes autenticados, con permisos mínimos como un autor, si el administrador previamente concede acceso en la configuración del plugin, modifiquen su rol de usuario suministrando el parámetro "wp_capabilities->cus1". • https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4141 – WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4141
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution. El plugin WP Ultimate CSV Importer para WordPress es vulnerable a la ejecución remota de código en versiones hasta, e incluyendo, la v7.9.8 a través del parámetro "->cus2". Esto permite a atacantes autenticados con permisos de nivel autor o superior, si el administrador concede previamente el acceso en la configuración del plugin, crear un archivo PHP y ejecutar código en el servidor. • https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php https://www.wordfence.com/threat-intel/vulnerabilities/id/b4fe8b1f-da1c-4f94-9ab4-272766b488c3?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4142 – WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4142
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution. El plugin WP Ultimate CSV Importer para WordPress es vulnerable a la ejecución remota de código en versiones hasta, e incluyendo, la v7.9.8 a través del parámetro "->cus1". Esto permite a atacantes autenticados con permisos de nivel de autor o superior, si el administrador concede previamente el acceso en la configuración del plugin, ejecutar código en el servidor. • https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205 https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php https://www.wordfence.com/threat-intel/vulnerabilities/id/db1bad2e-55df-40c5-9a3f-651858a19b42?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •