Vulnerability Description
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smackcoders | Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | < 3.7.3 |
Related Weaknesses (CWE)
References
- https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caPatch
- https://github.com/wp-plugins/wp-ultimate-csv-importer/releases/tag/3.7.3Release Notes
- https://vuldb.com/?ctiid.241317Third Party Advisory
- https://vuldb.com/?id.241317Third Party Advisory
- https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caPatch
- https://github.com/wp-plugins/wp-ultimate-csv-importer/releases/tag/3.7.3Release Notes
- https://vuldb.com/?ctiid.241317Third Party Advisory
- https://vuldb.com/?id.241317Third Party Advisory
FAQ
What is CVE-2015-10125?
CVE-2015-10125 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It i...
How severe is CVE-2015-10125?
CVE-2015-10125 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-10125?
Check the references section above for vendor advisories and patch information. Affected products include: Smackcoders Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv.