22 matches found
EUVD-2024-53887
Malicious code in bioql PyPI...
CVE-2024-9664
The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP...
CVE-2024-9661
The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the deleteandedit function. This makes it possible for unauthenticated attackers to delete imported content posts, comment...
CVE-2024-9664
The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP...
CVE-2024-9661 WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion
The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the deleteandedit function. This makes it possible for unauthenticated attackers to delete imported content posts, comment...
CVE-2024-9661
CVE-2024-9661 refers to WP All Import Pro for WordPress, vulnerable to Cross-Site Request Forgery due to missing nonce validation in the delete_and_edit function. This allows unauthenticated attackers to delete imported content (posts, comments, users, etc.) by tricking an administrator into a fo...
CVE-2024-9661 WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content Deletion
The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the deleteandedit function. This makes it possible for unauthenticated attackers to delete imported content posts, comment...
WordPress plugin WP All Import Pro 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
PT-2025-5988 · WordPress · Wp All Import Pro
Name of the Vulnerable Software and Affected Versions: WP All Import Pro versions up to and including 4.9.7 Description: The issue is related to cross-site request forgery due to missing nonce validation in the delete and edit function. This allows unauthenticated attackers to delete imported...
CVE-2024-9624
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...
WordPress WP All Import Pro plugin < 4.9.8 - Cross-Site Request Forgery to Imported Content Deletion vulnerability
Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import Pro versions 4.9.8...
WordPress WP All Import Pro plugin < 4.9.8 - Authenticated (Administrator+) PHP Object Injection via Import File vulnerability
Authenticated Administrator+ PHP Object Injection via Import File vulnerability discovered by ? in WordPress Plugin WP All Import Pro versions 4.9.8...
WordPress WP All Import Pro plugin <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin WP All Import Pro versions = 4.9.7...
CVE-2024-8722 WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-8722 WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-9624
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...
CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...
CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...
CVE-2024-9624
WP All Import Pro (WordPress) FIXED: SSRF in pmxi_curl_download affects all versions ≤ 4.9.3, exploitable by authenticated (Administrator+) users to issue web requests from the app to arbitrary locations, including internal service endpoints and cloud instance metadata. CVSS 3.1 vector: NETWORK/L...
WordPress plugin WP All Import Pro 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...