TLDR: Wordfence's Bug Bounty Program rewards researchers for reporting vulnerabilities. A recent submission uncovered two critical issues in the WP Ultimate CSV Importer plugin (versions ≤ 7.19) that allow authenticated users to upload malicious files and delete key site files, risking site takeover. The vulnerabilities have been patched in version 7.19.1. Users should update immediately. Wordfence protects all users against these threats.
20,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP Ultimate CSV Importer WordPress Plugin
