ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Ultimate CSV Importer Plugin <= 3.7.0 - Directory Traversal

Product
WP Ultimate CSV Importer
Description
Because of this vulnerability, the attackers can read files on the filesystem without authorization.
Solution
Update the plugin.
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Pritect
CVE
Name CVE-N/A
Versions
Affected In <= 3.7.0
Fixed In 3.7.1
Disclosure date
2015-04-27
Credits
James Golovich