Smackcoders Wp Ultimate Csv Importer – Import Csv, Xml & Excel Into Wordpress
12 CVEs affecting Smackcoders Wp Ultimate Csv Importer – Import Csv, Xml & Excel Into Wordpress. Latest disclosed: 2026-02-18. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-2008 | High | 8.8 | 2025-04-01 | The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import… |
CVE-2025-10058 | High | 8.1 | 2025-09-17 | The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation… |
CVE-2025-2007 | High | 8.1 | 2025-04-01 | The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the… |
CVE-2023-4142 | High | 8.0 | 2023-08-04 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. Th… |
CVE-2023-4141 | High | 8.0 | 2023-08-04 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. Th… |
CVE-2025-10040 | High | 7.7 | 2025-09-10 | The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on… |
CVE-2023-4139 | High | 7.5 | 2023-08-04 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export f… |
CVE-2025-13145 | High | 7.2 | 2025-11-19 | The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1… |
CVE-2023-4140 | Medium | 6.6 | 2023-08-04 | The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction… |
CVE-2026-1317 | Medium | 6.5 | 2026-02-18 | The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is… |
CVE-2025-14627 | Medium | 6.4 | 2026-01-01 | The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including… |
CVE-2025-12732 | Medium | 4.3 | 2025-11-12 | The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing aut… |