CVE Tools

smackcoders

Web & CMS Pluginscommercial

12

Cumulative CVEs

4

Monthly snapshots

#63

Peak rank

Top products

wp ultimate csv importer – import csv, xml & excel into wordpress2 wordpress helpdesk integration1 wp import – ultimate csv xml importer for wordpress1

Latest CVEs

The 15 most recently published vulnerabilities affecting smackcoders.

CVE-2026-1317WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name6.5Feb 18, 2026
CVE-2025-14627WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass6.4Jan 1, 2026
CVE-2025-13606Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure6.5Dec 2, 2025
CVE-2025-13145WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import7.2Nov 19, 2025
CVE-2025-12732WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure4.3Nov 12, 2025
CVE-2025-10057WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection8.8Sep 17, 2025
CVE-2025-10058WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion8.1Sep 17, 2025
CVE-2025-10040WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure7.7Sep 10, 2025
CVE-2025-9990WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion8.1Sep 5, 2025
CVE-2025-5692Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions6.3Jul 2, 2025
CVE-2025-2008Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload8.8Apr 1, 2025
CVE-2025-2007Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion8.1Apr 1, 2025
CVE-2025-2332Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection9.8Mar 27, 2025
CVE-2024-12315Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory7.5Feb 12, 2025
CVE-2024-9364SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion4.3Oct 18, 2024