Uncodethemes Ultra Demo Importer Cross-Site Request Forgery Vulnerability Allowing Web Shell Upload

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Uncodethemes Ultra Demo Importer plugin for WordPress, specifically in versions through 1.0.5. This vulnerability allows attackers to trick users with higher privileges into uploading a web shell to the server, potentially leading to unauthorized access or control.

Impact

Exploitation of this vulnerability could allow a malicious actor to upload a web shell to the server, providing a means to execute arbitrary commands or scripts, depending on the web shell's capabilities.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Uncodethemes Ultra Demo Importer Cross-Site Request Forgery Vulnerability Allowing Web Shell Upload

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating