WordPress WP All Import plugin <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' vulnerability

Reflected Cross-Site Scripting via 'filepath' vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WP All Import versions = 4.0.0...

WordPress WP All Import plugin < 3.7.3 - Admin+ Arbitrary File Upload to RCE vulnerability

Admin+ Arbitrary File Upload to RCE vulnerability discovered by quangnt in WordPress Plugin WP All Import versions 3.7.3...

CVE-2017-18567

The wp-all-import plugin before 3.4.6 for WordPress has XSS...

EUVD-2018-1364

Malware in sbrugna...

EUVD-2018-13514

Malware in sbrugna...

CVE-2015-9329

The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS...

WordPress WP All Import plugin <= 3.7.9 - Authenticated (Administrator+) PHP Object Injection via Import File vulnerability

Authenticated Administrator+ PHP Object Injection via Import File vulnerability discovered by ? in WordPress Plugin WP All Import versions = 3.7.9...

CVE-2018-20978

The wp-all-import plugin before 3.4.7 for WordPress has XSS...

CVE-2015-9330

The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection...

Cross site scripting

The wp-all-import plugin before 3.4.6 for WordPress has XSS...

CVE-2018-16256

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering OptionsAdd Rule. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a...

CVE-2018-16259

CVE-2018-16259 corresponds to XSS in WordPress WP All Import plugin v3.4.9 via the pmxi-admin-settings large_feed_limit. Multiple connected sources confirm this as a vulnerability affecting WP All Import 3.4.9, with exploitation requiring administrator authentication (logged-in admin). Root cause...

CVE-2018-16259

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings largefeedlimit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of b...

CVE-2018-16256

WP All Import plugin for WordPress (version 3.4.9) contains a cross-site scripting (XSS) vulnerability that can be triggered via the Add Filtering Options (Add Rule) feature. The issue is reported as present in 3.4.9 and is tied to insufficient input validation, with disclosures noting the vulner...

CVE-2018-16255

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in...

CVE-2018-16254

Summary: CVE-2018-16254 concerns an XSS vulnerability in the WordPress plugin WP All Import (version 3.4.9) exposed via the parameter action=options. The vulnerability is described as exploitable by a logged-in administrator; the vendor states it is not a vulnerability. The linked OpenVAS entry c...

PT-2019-9288 · WordPress · Wp All Import

Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns an XSS vulnerability in the WP All Import plugin for WordPress. It can be exploited via the Add Filtering Options Add Rule feature. The vendor has stated that this is not...

WordPress WP All Import plugin cross-site scripting vulnerability (CNVD-2019-30136)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP All Import plugin is used in one of the file import plugin. A cross-site scripting vulnerability exists in WordPress WP All Import...

CVE-2018-0547

Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors...

WordPress WP All Import Plugin <= 3.2.4 - Multiple Vulnerabilities

This plugin is prone to an SQL injection and cross site scripting vulnerabilities. Because of them, attackers can gain admin access to your website or trick you into visiting the malicious URL. Solution Update the plugin...