The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-08-04T02:04:27.318Z

Updated: 2024-08-02T07:17:12.134Z

Reserved: 2023-08-03T13:53:20.933Z

Link: CVE-2023-4139

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-08-04T03:15:13.813

Modified: 2024-11-21T08:34:28.247

Link: CVE-2023-4139

cve-icon Redhat

No data.