Vulnerability
Import all XML, CSV & TXT into WordPress < 6.5.8 – Missing Authorisation
Description
The plugin does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce
CVE-ID
CVE-2022-3244
Vendor
Smackcoders
Product
WP Ultimate CSV Importer
Disclosure Timeline
Reported On: 27-07-2022
Made Public On: 20-09-2022
Fixed On: 26-08-2022
Credits
Sanjay Das