The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-08-04T02:04:27.318Z
Updated: 2023-08-04T02:04:27.318Z
Reserved: 2023-08-03T13:53:20.933Z
Link: CVE-2023-4139
JSON object: View
NVD Information
Status : Modified
Published: 2023-08-04T03:15:13.813
Modified: 2023-11-07T04:22:10.390
Link: CVE-2023-4139
JSON object: View
Redhat Information
No data.
CWE
No CWE.