What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2015-10125.

What is the severity of CVE-2015-10125?

CVE-2015-10125 has a severity score of 8.8 (high).

What is the affected software version of CVE-2015-10125?

The affected software version of CVE-2015-10125 is WP Ultimate CSV Importer Plugin 3.7.2 on WordPress.

How can I fix CVE-2015-10125?

To fix CVE-2015-10125, upgrade to version 3.7.3 of WP Ultimate CSV Importer Plugin.

What is the CWE ID for CVE-2015-10125?

The CWE ID for CVE-2015-10125 is 352.

Vulnerability/
CVE-2015-10125

high

8.8

CWE

352

5/10/2023

6/8/2024

CVE-2015-10125: WP Ultimate CSV Importer Plugin cross-site request forgery

First published: Thu Oct 05 2023(Updated: )

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.

Credit: cna@vuldb.com cna@vuldb.com

Affected Software	Affected Version	How to fix
Smackcoders Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv	<3.7.3
	<3.7.3

Remedy

https://github.com/wp-plugins/wp-ultimate-csv-importer/commit/13c30af721d3f989caac72dd0f56cf0dc40fad7e

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2015-10125.
What is the severity of CVE-2015-10125?
CVE-2015-10125 has a severity score of 8.8 (high).
What is the affected software version of CVE-2015-10125?
The affected software version of CVE-2015-10125 is WP Ultimate CSV Importer Plugin 3.7.2 on WordPress.
How can I fix CVE-2015-10125?
To fix CVE-2015-10125, upgrade to version 3.7.3 of WP Ultimate CSV Importer Plugin.
What is the CWE ID for CVE-2015-10125?
The CWE ID for CVE-2015-10125 is 352.

collector/nvd-index
agent/references
agent/author
agent/type
agent/weakness
agent/remedy
agent/description
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/title
agent/first-publish-date
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/smackcoders
canonical/smackcoders import all pages\, post types\, products\, orders\, and users as xml \& csv

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.