CVE-2025-4190 – WordPress CSV Mass Importer File Upload Privilege Escalation Vulnerability

CVE ID : CVE-2025-4190

Published : May 17, 2025, 6:15 a.m. | 48 minutes ago

Description : The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…