CVE-2025-6207

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpietempalteimport' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVE-2025-6207

creationtimestamp| type| source ---|---|--- 2025-08-05 07:53:52+00:00| seen| Telegram/6YLPjfZdB-8KAiKKylTFKP-kV52JylfcxVI-O79bUyVUJag...

CVE-2025-6207

The WP Import Export Lite plugin for WordPress is affected by an arbitrary file upload vulnerability caused by missing file type validation in the wpie_tempalte_import function, affecting all versions up to and including 3.9.28. Authenticated users with Subscriber-level access or higher, and with...

CVE-2025-6207 WP Import Export Lite <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpietempalteimport' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

WordPress WP Import Export Lite plugin <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Vincent Fourcade vinceMatsui in WordPress Plugin WP Import Export Lite versions = 3.9.28...