A Sensitive Data Exposure vulnerability has been identified in the WordPress WP Ultimate CSV Importer plugin. This vulnerability could allow an attacker to view sensitive data from the affected website, such as user email addresses and passwords.

The vulnerability is classified as a Sensitive Data Exposure issue and was discovered by Lana Codes. The vulnerability is a Sensitive Data Exposure vulnerability that occurs in the wp-ultimate-csv-importer.php file. The vulnerability allows an attacker to view sensitive data by sending a specially crafted request.


The vulnerability has a CVSS 3.1 score of 7.5, which is considered to be high.

Affected Versions:

The vulnerability affects WP Ultimate CSV Importer plugin versions prior to 7.9.9.


An attacker who successfully exploits this vulnerability could view sensitive data from the affected website, such as:

  • User email addresses
  • User passwords
  • Other sensitive information that is stored in the database

This information could then be used by the attacker to commit identity theft, fraud, or other malicious activities.


To protect website and user data from potential exploitation, immediate action is essential:

  1. Update Immediately: Update the WordPress WP Ultimate CSV Importer Plugin to version 7.9.9 or higher without delay. The latest version contains essential patches to address the Sensitive Data Exposure vulnerability and enhance overall plugin security.
  2. Regular Security Audits: Conduct regular security audits of the WordPress website to identify and address potential vulnerabilities proactively.
  3. Stay Informed: Stay informed about the latest security updates and advisories related to the WP Ultimate CSV Importer Plugin. Regularly check for plugin updates and apply them promptly.
  4. Prioritize Data Security: Implement robust data security measures on the website, including encryption and access controls, to minimize the impact of potential data breaches.