CVE-2023-4140

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve	Third Party Advisory
https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:smackcoders:wp_ultimate_csv_importer:*:*:*:*:*:wordpress:*:*

Information

Published : 2023-08-04 03:15

Updated : 2023-08-08 18:34

NVD link : CVE-2023-4140

Mitre link : CVE-2023-4140

JSON object : View

Products Affected

smackcoders

wp_ultimate_csv_importer

CWE

CWE-269

Improper Privilege Management

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php", "name": "https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve", "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205", "name": "https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205", "tags": ["Release Notes"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-269"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-4140", "ASSIGNER": "security@wordfence.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2023-08-04T03:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:smackcoders:wp_ultimate_csv_importer:*:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.9.8"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-08-08T18:34Z"}