HIGH
smackcoders
CVE published 2026-07-11
CVE-2026-13353
The WP Ultimate CSV Importer plugin for WordPress has a Remote Code Execution vulnerability due to missing capability checks and exposed plugin nonce, allowing authenticated attackers to execute code on the server. This vulnerability affects WordPress sites with the plugin installed, particularly those with subscriber-level access or above. The vulnerability is caused by missing capability checks on the A [truncated]