N/A
2026-02-17< 7.38
WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name
WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress
Minimum safe version
7.38
Update to 7.38 or later to address 38 fixable vulnerabilities
Latest available7.40 ✓
Medium 6.4
2026-01-01< 7.36
CVE-2025-14627
High 7.2
2025-11-19< 7.34
CVE-2025-13145
Medium 4.3
2025-11-12< 7.33.1
CVE-2025-12732
High 8.8
2025-09-17≥ 7.20 and < 7.29
CVE-2025-10057
High 8.1
2025-09-17< 7.28
CVE-2025-10058
High 7.7
2025-09-10< 7.28
CVE-2025-10040
High 8.8
2025-04-01< 7.20.1
Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload
High 8.1
2025-04-01< 7.20.1
Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion
High 8.8
2023-10-05< 3.7.3
CVE-2015-10125
N/A
< 3.8.8
WP Ultimate CSV Importer <= 3.8.6 - Reflected Cross-Site Scripting (XSS)
N/A
< 6.4.1
WP Ultimate CSV Importer < 6.4.1 - Subscriber+ Arbitrary File Upload
N/A
< 6.4.2
WP Ultimate CSV Importer < 6.4.2 - Subscriber+ Arbitrary Option Deletion
N/A
< 3.6.75
WP Ultimate CSV Importer <= 3.6.74 - Database Table Export
N/A
< 3.7.1
WP Ultimate CSV Importer < 3.7.1 - Directory Traversal
High 8.8
2023-08-04< 7.9.9
CVE-2023-4141
High 8.8
2023-08-04< 7.9.9
CVE-2023-4140
High 7.5
2023-08-04< 7.9.9
CVE-2023-4139
High 8.8
2023-08-04< 7.9.9
CVE-2023-4142
N/A
2015-02-22< 3.6.75
Ultimate CSV Importer < 3.6.75 - Information Disclosure
N/A
2015-04-27< 3.7.1
WP Ultimate CSV Importer <= 3.7 - Arbitrary File Read
N/A
2018-01-27< 3.8.8
Import Export All WordPress Images, Users & Post Types <= 3.8.7 - Reflected Cross-Site Scripting
N/A
2022-01-12< 6.4.1
WP Ultimate CSV Importer <= 6.4.0 - Arbitrary File Upload
N/A
2022-01-12< 6.4.1
Easy Drag And drop All Import : WP Ultimate CSV Importer < 6.4.1 - Missing Authorization Checks
N/A
2022-01-17< 6.4.2
Import all XML, CSV & TXT into WordPress < 6.4.2 - Missing Authorization
Medium 4.2
2022-10-17< 6.5.8
CVE-2022-3244
High 7.2
2022-10-17< 6.5.8
CVE-2022-3243
N/A
2015-04-27< 3.7.1
WordPress Ultimate CSV Importer Plugin <= 3.7.0 - Directory Traversal
N/A
2015-02-22< 3.6.75
WordPress Ultimate CSV Importer Plugin <= 3.6.74 Information Disclosure
High 7.2
2022-06-27< 6.5.3
CVE-2022-1977
N/A
2016-01-27< 3.8.8
WordPress Ultimate CSV Importer Plugin <= 3.8.6 - Reflected Cross Site Scripting
N/A
2022-01-12< 6.4.1
WordPress WP Ultimate CSV Importer plugin <= 6.4 - Plugin Settings Update vulnerability
N/A
2022-01-12< 6.4.1
WordPress WP Ultimate CSV Importer plugin <= 6.4 - Arbitrary Media File Deletion vulnerability
N/A
2022-01-12< 6.4.1
WordPress WP Ultimate CSV Importer plugin <= 6.4 - Arbitrary File Upload vulnerability
N/A
2022-01-17< 6.4.2
WordPress WP Ultimate CSV Importer plugin <= 6.4.1 - Arbitrary Option Deletion vulnerability
Medium 6.1
2019-08-12< 3.8.1
CVE-2015-9306
High 8.8
2019-08-14< 5.6.1
CVE-2018-20967
Medium 4.8
2022-02-28< 6.4.3
CVE-2022-0360