Lucene search
China National Vulnerability DatabaseCNVD-2022-62181HistoryJun 30, 2022 - 12:00 a.m.
WordPress WP Ultimate CSV Importer跨站请求伪造漏洞
2022-06-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
wordpress
php
csv importer
cross-site request forgery
vulnerability
admin privilege
EPSS
0.001
Percentile
38.3%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. A server cross-site request forgery vulnerability exists in versions of the WordPress WP Ultimate CSV Importer plugin prior to 6.5.3, which stems from the plugin’s failure to fails to fully validate the files to be imported via URL. Highly privileged users such as administrators can exploit this vulnerability to perform server cross-site request forgery attacks.
Related
cvelist
cvelist
CVE-2022-1977 WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF
2022-06-27 08:59:05
nvd
nvd
CVE-2022-1977
2022-06-27 09:15:10
prion
prion
Server side request forgery (ssrf)
2022-06-27 09:15:00
patchstack
patchstack
cve
cve
CVE-2022-1977
2022-06-27 09:15:10
wpvulndb
wpvulndb
WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF
2022-06-02 00:00:00
wpexploit
wpexploit
WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF
2022-06-02 00:00:00