WP Ultimate CSV Importer

Authenticated (Subscriber+) Arbitrary File Upload vulnerability <= 7.19

Authenticated (Subscriber+) Arbitrary File Deletion vulnerability <= 7.19

Authenticated Arbitrary Usermeta Update to Privilege Escalation vulnerability <= 7.9.8

Sensitive Information Exposure via Directory Listing vulnerability <= 7.9.8

Authenticated PHP file upload to RCE vulnerability <= 7.9.8