CVE-2023-4140 Information

Description

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to and including 7.9.8 due to insufficient restriction on the ‘get_header_values’ function. This makes it possible for authenticated attackers with minimal permissions, such as an author, to modify their own user role by supplying the ‘wp_capabilities->cus1’ parameter, provided the administrator has previously granted that role access in the plugin settings.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve
https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/7.9.6/importExtensions/ImportHelpers.php#L205

CVSS Metrics (decomposed from the vector above)

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 6.6
Base Severity: MEDIUM (6.6 falls in the 4.0–6.9 band of the CVSS v3.1 qualitative rating scale)
