- WordPress Plugin Import CSV is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Import CSV version 1.0 is vulnerable; prior versions may also be affected.
- Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
- WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0)
- WordPress Plugin Custom Map Cross-Site Scripting (1.1)
- WordPress Plugin WP Post to PDF Cross-Site Scripting (2.3.1)
- WordPress Plugin Email Queue by BestWebSoft Cross-Site Request Forgery (1.0.0)
- WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)