exploitDog

CVE-2025-4190

Опубликовано: 17 мая 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Ссылки

https://wpscan.com/vulnerability/e525ece5-6e03-4aee-bf5b-6ae0b961f027/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e525ece5-6e03-4aee-bf5b-6ae0b961f027/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aleapp:csv_mass_importer:*:*:*:*:*:wordpress:*:*

Версия до 1.2 (включая)

EPSS

Процентиль: 13%

0.00044

Низкий

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7rm6-cjw9-cf8v

CVSS3: 7.2

github

9 месяцев назад

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

EPSS

Процентиль: 13%

0.00044

Низкий

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo