CSV Mass Importer WordPress Plugin Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability exists in the CSV Mass Importer WordPress plugin, affecting versions through 1.2. The plugin fails to properly validate uploaded files, which allows high-privilege users, such as administrators, to upload arbitrary files to the server. This issue is particularly problematic in multisite setups, where such actions should be restricted.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads on the server, potentially allowing for further actions such as remote code execution, depending on the nature of the uploaded files.
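The missing validation described above can be closed in a CSV import handler as in the following sketch. This is an added example, not the plugin's code or its patch; the hook name, nonce action, form field name and redirect target are assumptions chosen for illustration.

```php
<?php
// Added example. The hook name, nonce action, 'csv_file' field and the
// redirect target are hypothetical, not taken from the plugin.
add_action( 'admin_post_example_csv_import', 'example_csv_import_handle' );

function example_csv_import_handle() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_csv_import' ); // CSRF check on the form post

    $file = isset( $_FILES['csv_file'] ) ? $_FILES['csv_file'] : null;
    if ( ! $file || UPLOAD_ERR_OK !== $file['error'] || ! is_uploaded_file( $file['tmp_name'] ) ) {
        wp_die( 'Upload failed.', '', array( 'response' => 400 ) );
    }

    // Allow-list a single extension/MIME pair. The result is enforced for
    // every role, so an account holding unfiltered_upload gets no bypass.
    $check = wp_check_filetype_and_ext(
        $file['tmp_name'],
        $file['name'],
        array( 'csv' => 'text/csv' )
    );
    if ( 'csv' !== $check['ext'] || 'text/csv' !== $check['type'] ) {
        wp_die( 'Only .csv files are accepted.', '', array( 'response' => 400 ) );
    }

    // Parse in place from PHP's temporary path. Nothing is written under
    // wp-content/uploads, so the upload never becomes a web-reachable file.
    $handle = fopen( $file['tmp_name'], 'r' );
    if ( false === $handle ) {
        wp_die( 'Could not read upload.', '', array( 'response' => 500 ) );
    }
    $rows = array();
    while ( false !== ( $row = fgetcsv( $handle, 0, ',', '"', '\\' ) ) ) {
        $rows[] = array_map( 'sanitize_text_field', $row );
    }
    fclose( $handle );

    // $rows now holds sanitized cell values for the importer to consume.
    wp_safe_redirect( admin_url( 'tools.php?imported=' . count( $rows ) ) );
    exit;
}
```

Checking the type explicitly rather than relying on wp_handle_upload() matters here because wp_handle_upload() skips its file-type rejection for users who hold the unfiltered_upload capability.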

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 6.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.