Smackcoders Wp Ultimate Csv Importer – Import Csv, Xml & Excel Into Wordpress

12 CVEs affecting Smackcoders Wp Ultimate Csv Importer – Import Csv, Xml & Excel Into Wordpress. Latest disclosed: 2026-02-18. Critical: 0, High: 8.

Top CVEs affecting Smackcoders Wp Ultimate Csv Importer – Import Csv, Xml & Excel Into Wordpress
CVESeverityScorePublishedSummary
CVE-2025-2008High8.82025-04-01The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import…
CVE-2025-10058High8.12025-09-17The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation…
CVE-2025-2007High8.12025-04-01The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
CVE-2023-4142High8.02023-08-04The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. Th…
CVE-2023-4141High8.02023-08-04The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. Th…
CVE-2025-10040High7.72025-09-10The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on…
CVE-2023-4139High7.52023-08-04The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export f…
CVE-2025-13145High7.22025-11-19The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1…
CVE-2023-4140Medium6.62023-08-04The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction…
CVE-2026-1317Medium6.52026-02-18The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is…
CVE-2025-14627Medium6.42026-01-01The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including…
CVE-2025-12732Medium4.32025-11-12The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing aut…