CVE-2025-10058
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-17
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpres | wp_ultimate_csv_importer | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the WP Import β Ultimate CSV XML Importer for WordPress plugin, where insufficient validation of file paths in the upload_function() allows authenticated users with Subscriber-level access or higher to delete arbitrary files on the server. This can lead to serious consequences such as remote code execution if critical files like wp-config.php are deleted.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with low-level authenticated access to delete important files on the server, potentially leading to remote code execution. This means an attacker could take control of the server, disrupt website functionality, or compromise sensitive data.