WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. A server cross-site request forgery vulnerability exists in versions of the WordPress WP Ultimate CSV Importer plugin prior to 6.5.3, which stems from the plugin’s failure to fails to fully validate the files to be imported via URL. Highly privileged users such as administrators can exploit this vulnerability to perform server cross-site request forgery attacks.