CVE-2023-4139

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 4, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-4139 is a newly disclosed vulnerability affecting the WP Ultimate CSV Importer plugin used in WordPress sites. This issue permits unauthenticated attackers to access sensitive information through Directory Listing, due to a missing restriction in export folder indexing. Versions up to and including 7.9.8 of this plugin are vulnerable to this exposure. This vulnerability could potentially lead to the disclosure of confidential data, posing a significant risk to affected WordPress sites. It is highly recommended that users update their plugin to the latest version, 7.9.9, as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sNd6vf
https://www.cve.org/CVERecord?id=CVE-2023-4139
https://nvd.nist.gov/vuln/detail/CVE-2023-4139

Back to Vulnerability Database

CVE-2023-4139

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations