161 matches found
CVE-2026-57628
CVE-2026-57628 : Concrete details across connected sources show an Admin SQL Injection vulnerability in the WordPress WP All Import plugin, versions
EUVD-2026-39744
Administrator SQL Injection in WP All Import = 4.0.1 versions...
CVE-2026-57628 WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability
Administrator SQL Injection in WP All Import = 4.0.1 versions...
WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP All Import versions = 4.0.1...
PT-2026-52799
Administrator SQL Injection in WP All Import = 4.0.1 versions...
WordPress WP All Import plugin <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' vulnerability
Reflected Cross-Site Scripting via 'filepath' vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WP All Import versions = 4.0.0...
CVE-2026-2830
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2830
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets (WordPress plugin) is listed as vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in versions up to and including 4.0.0 due to insufficient input sanitization and output escaping. The CVE notes unauthen...
CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
WordPress plugin WP All Import 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress WP All Import plugin < 3.7.3 - Admin+ Arbitrary File Upload to RCE vulnerability
Admin+ Arbitrary File Upload to RCE vulnerability discovered by quangnt in WordPress Plugin WP All Import versions 3.7.3...
CVE-2017-18567
The wp-all-import plugin before 3.4.6 for WordPress has XSS...
Exploit for CVE-2015-9331
CVE-2015-9331 POC Vulnerability Description CVE-2015-9331...
CVE-2025-12733
The Import any XML, CSV or Excel File to WordPress WP All Import plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval on unsanitized user-supplied input in the pmxiif function within helpers/functions.php. This mak...
CVE-2025-12733
CVE-2025-12733 affects the WordPress plugin Import any XML, CSV or Excel File to WordPress (WP All Import) up to version 3.9.6. The issue is an authenticated (Administrator+) Remote Code Execution via crafted import templates, caused by the use of eval() on unsanitized input in pmxi_if within hel...
WordPress Import any XML, CSV or Excel File to WordPress (WP All Import) plugin <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic vulnerability
Authenticated Administrator+ Remote Code Execution via Conditional Logic vulnerability discovered by tmrswrr in WordPress Plugin WP All Import versions = 3.9.6...
EUVD-2018-13514
Malware in sbrugna...
EUVD-2018-1363
Malware in sbrugna...
EUVD-2018-1364
Malware in sbrugna...