Primary

Context

WP Import - Ultimate CSV XML Importer for WordPress Missing Authorization Vulnerability Allowing Sensitive Information Exposure

Vulnerability

Patched

A vulnerability exists in the WP Import - Ultimate CSV XML Importer for WordPress plugin, in all versions through 7.33, due to a missing authorization check in the showsetting() function. This flaw allows authenticated attackers with Author-level access or higher to access sensitive information, such as OpenAI API keys, through the plugin's admin interface.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, specifically OpenAI API keys, for authenticated users with Author-level access or higher.

Remediation

Users can update to version 7.33.1 or a newer patched version to address this vulnerability.

Added: Nov 12, 2025, 9:21 AM

Updated: Nov 12, 2025, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

6.1

remediation

7.7

relevance

1.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

6.1

remediation

7.7

relevance

1.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP Import - Ultimate CSV XML Importer for WordPress Missing Authorization Vulnerability Allowing Sensitive Information Exposure

Vulnerability

Impact

Remediation

Affected Products

Smackcoders WP Import – Ultimate CSV XML Importer

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating