VULHUB ™

Due to lack of verification of a visitors permissions, it is possible to execute the export.php script included in the default installation of the Ultimate CSV Importer plugin and retrieve the full contents of the user table in the WordPress installation. This results in full disclosure of usernames, hashed passwords and email addresses for all users.

Due to lack of verification of a visitors permissions, it is possible to execute the export.php script included in the default installation of the Ultimate CSV Importer plugin and retrieve the full contents of the user table in the WordPress installation. This results in full disclosure of usernames, hashed passwords and email addresses for all users.