The CSV to HTML plugin used in WordPress has a security issue where any type of file can be uploaded without being checked, in versions 3.06 and below. This means that someone who is logged in and has Subscriber-level access or higher can upload any file they want onto the website’s server, which could potentially allow them to run code remotely.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
