Log out
Get PRO

Latest

Access violation vulnerability in Import any XML or CSV File to WordPress PRO 4.1.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: February 19, 2020

The Import any XML or CSV File to WordPress plugin is a tool for WordPress websites that allows users to upload data in different formats (XML and CSV) to their site. Unfortunately, versions up to and including 3.2.4 of this plugin have a security vulnerability that allows anyone to bypass the authorization requirements. This means that if you have this plugin installed, it’s possible for anyone to access the parts of the plugin that are meant to be restricted. To fix this issue, make sure that you update to the latest version of the plugin and ensure that all of the necessary capability and nonce checks are in place.

Detected in:

Import any XML or CSV File to WordPress fixed vulnerable versions: >= * <= 3.2.4
Import any XML or CSV File to WordPress PRO fixed vulnerable versions: >= * <= 4.1.1
Import any XML, CSV or Excel File to WordPress fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.